CVE List - 2023 / November
Showing 401 - 500 of 2443 CVEs for November 2023 (Page 5 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-35911 | 2023-11-06 | WordPress Contact Form Generator Plugin <= 2.6.0 is vulnerable to SQL Injection |
| CVE-2023-45657 | 2023-11-06 | WordPress Nexter Theme <= 2.0.3 is vulnerable to SQL Injection |
| CVE-2023-45830 | 2023-11-06 | WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection |
| CVE-2023-46084 | 2023-11-06 | WordPress Icons Font Loader Plugin <= 1.1.2 is vulnerable to SQL Injection |
| CVE-2023-46821 | 2023-11-06 | WordPress GD Security Headers Plugin <= 1.7 is vulnerable to SQL Injection |
| CVE-2023-46823 | 2023-11-06 | WordPress ImageLinks Interactive Image Builder Plugin <= 1.5.4 is vulnerable to SQL Injection |
| CVE-2023-46782 | 2023-11-06 | WordPress MomentoPress for Momento360 Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46783 | 2023-11-06 | WordPress Pre-Orders for WooCommerce Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46822 | 2023-11-06 | WordPress WooCommerce – Store Exporter Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23702 | 2023-11-06 | WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46824 | 2023-11-06 | WordPress Slick Popup Plugin <= 1.7.14 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47177 | 2023-11-06 | WordPress Linker Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47182 | 2023-11-06 | WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47184 | 2023-11-06 | WordPress Admin Bar & Dashboard Access Control Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4996 | 2023-11-06 | Local privilege escalation |
| CVE-2023-5831 | 2023-11-06 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-5825 | 2023-11-06 | Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab |
| CVE-2023-47185 | 2023-11-06 | WordPress wpDiscuz Plugin <= 7.6.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5090 | 2023-11-06 | Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs |
| CVE-2023-46775 | 2023-11-06 | WordPress Original texts Yandex WebMaster Plugin <= 1.18 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46776 | 2023-11-06 | WordPress Auto Excerpt everywhere Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46777 | 2023-11-06 | WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46778 | 2023-11-06 | WordPress Auto Limit Posts Reloaded Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46779 | 2023-11-06 | WordPress EasyRecipe Plugin <= 3.5.3251 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46780 | 2023-11-06 | WordPress Alter Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46781 | 2023-11-06 | WordPress Current Menu Item for Custom Post Types Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5823 | 2023-11-06 | WordPress TK Google Fonts GDPR Compliant Plugin <= 2.2.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47186 | 2023-11-06 | WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3246 | 2023-11-06 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2023-3909 | 2023-11-06 | Inefficient Regular Expression Complexity in GitLab |
| CVE-2023-3399 | 2023-11-06 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-45161 | 2023-11-06 | 1E-Exchange-URLResponseTime instruction before v20.1 allows arbitrary code execution |
| CVE-2023-5963 | 2023-11-06 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2023-45163 | 2023-11-06 | 1E-Exchange-CommandLinePing instruction before v18.1 allows for arbitrary code execution |
| CVE-2023-5964 | 2023-11-06 | 1E-Exchange-DisplayMessage instruction allows for arbitrary code execution |
| CVE-2023-4910 | 2023-11-06 | 3scale-admin-portal: logged out users tokens can be accessed |
| CVE-2023-5950 | 2023-11-06 | Rapid7 Velociraptor Reflected XSS |
| CVE-2023-41378 | 2023-11-06 | Calico Typha hangs during unclean TLS handshake |
| CVE-2023-5967 | 2023-11-06 | Denial of Service via crashing the Calls Plugin |
| CVE-2023-5968 | 2023-11-06 | Password hash in response body after username update |
| CVE-2023-5678 | 2023-11-06 | Excessive time spent in DH check / generation with large Q parameter value |
| CVE-2023-5969 | 2023-11-06 | Denial of Service via Link Preview in /api/v4/redirect_location |
| CVE-2023-4535 | 2023-11-06 | Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys |
| CVE-2023-40660 | 2023-11-06 | Opensc: potential pin bypass when card tracks its own login state |
| CVE-2023-40661 | 2023-11-06 | Opensc: multiple memory issues with pkcs15-init (enrollment tool) |
| CVE-2023-46728 | 2023-11-06 | SQUID-2021:8 Denial of Service in Gopher gateway |
| CVE-2023-45827 | 2023-11-06 | Prototype Pollution vulnerability in @clickbar/dot-diver |
| CVE-2023-4700 | 2023-11-06 | Missing Authorization in GitLab |
| CVE-2023-44398 | 2023-11-06 | Out-of-bounds write in exiv2 |
| CVE-2023-46251 | 2023-11-06 | Visual editor persistent Cross-site Scripting (XSS) in MyBB |
| CVE-2023-39345 | 2023-11-06 | Unauthorized Access to Private Fields in User Registration API in strapi |
| CVE-2023-46254 | 2023-11-06 | Service accounts can see namespaces of other tenants in capsule-proxy |
| CVE-2023-46732 | 2023-11-06 | Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform |
| CVE-2023-46731 | 2023-11-06 | Remote code execution through the section parameter in Administration as guest in XWiki Platform |
| CVE-2023-5777 | 2023-11-06 | Weintek EasyBuilder Pro Use of Hard-coded Credentials |
| CVE-2023-5719 | 2023-11-06 | Red Lion Crimson Improper Neutralization of Null Byte or NUL Character |
| CVE-2023-5771 | 2023-11-06 | HTML injection in AdminUI through email subject |
| CVE-2023-5454 | 2023-11-06 | Templately < 2.2.6 - Arbitrary post trashing via Missing Authorization |
| CVE-2023-5354 | 2023-11-06 | Awesome Support < 6.1.5 - Reflected Cross-Site Scripting |
| CVE-2023-5082 | 2023-11-06 | History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection |
| CVE-2023-5228 | 2023-11-06 | User Registration < 3.0.4.2 - Admin+ Stored XSS |
| CVE-2023-5352 | 2023-11-06 | Awesome Support < 6.1.5 - Insufficient permission check in wpas_edit_reply |
| CVE-2023-4930 | 2023-11-06 | Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing |
| CVE-2023-4810 | 2023-11-06 | Responsive Pricing Table < 5.1.8 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-4858 | 2023-11-06 | WP Simple Table Manager Plugin <= 1.5.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-5181 | 2023-11-06 | WP Discord Invite < 2.5.2 - Admin+ Stored Cross Site Scripting |
| CVE-2023-5530 | 2023-11-06 | Ninja Forms < 3.6.34 - Admin+ Stored XSS |
| CVE-2023-5601 | 2023-11-06 | WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload |
| CVE-2023-5355 | 2023-11-06 | Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion |
| CVE-2023-5605 | 2023-11-06 | URL Shortify < 1.7.9.1 - Admin+ Stored XSS |
| CVE-2023-36769 | 2023-11-06 | Microsoft OneNote Spoofing Vulnerability |
| CVE-2023-36409 | 2023-11-06 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2021-43419 | 2023-11-07 | An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and maybe higher in the logcat app. |
| CVE-2023-33478 | 2023-11-07 | RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php. |
| CVE-2023-33479 | 2023-11-07 | RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file. |
| CVE-2023-33480 | 2023-11-07 | RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on... |
| CVE-2023-33481 | 2023-11-07 | RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php. |
| CVE-2023-42283 | 2023-11-07 | Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. |
| CVE-2023-42284 | 2023-11-07 | Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. |
| CVE-2023-42361 | 2023-11-07 | Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts... |
| CVE-2023-43885 | 2023-11-07 | Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device. |
| CVE-2023-43886 | 2023-11-07 | A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory. |
| CVE-2023-43984 | 2023-11-07 | Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table. |
| CVE-2023-45380 | 2023-11-07 | In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to... |
| CVE-2023-46001 | 2023-11-07 | Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data. |
| CVE-2023-46501 | 2023-11-07 | An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function. |
| CVE-2023-46998 | 2023-11-07 | Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions. |
| CVE-2023-47359 | 2023-11-07 | Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. |
| CVE-2023-47360 | 2023-11-07 | Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. |
| CVE-2023-47455 | 2023-11-07 | Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their... |
| CVE-2023-47456 | 2023-11-07 | Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat. |
| CVE-2023-41425 | 2023-11-07 | Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. |
| CVE-2023-47102 | 2023-11-07 | UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid. |
| CVE-2023-5976 | 2023-11-07 | Improper Access Control in microweber/microweber |
| CVE-2023-35140 | 2023-11-07 | The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device. |
| CVE-2023-21671 | 2023-11-07 | Improper Input Validation in Core |
| CVE-2023-22388 | 2023-11-07 | Use of Out-of-range Pointer Offset in Multi-mode Call Processor |
| CVE-2023-24852 | 2023-11-07 | Improper Authentication in Core |
| CVE-2023-28545 | 2023-11-07 | Improper Restriction of Operations within the Bounds of a Memory Buffer in TZ Secure OS |
| CVE-2023-28553 | 2023-11-07 | Buffer Over-read in WLAN Host |