CVE List - 2023 / November
Showing 101 - 200 of 2443 CVEs for November 2023 (Page 2 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-20196 | 2023-11-01 | Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials... |
| CVE-2023-20255 | 2023-11-01 | A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability... |
| CVE-2023-20031 | 2023-11-01 | A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort... |
| CVE-2023-20048 | 2023-11-01 | A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat... |
| CVE-2023-20071 | 2023-11-01 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This... |
| CVE-2023-5766 | 2023-11-01 | A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another Windows user session on the same host... |
| CVE-2023-20070 | 2023-11-01 | A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly... |
| CVE-2023-20219 | 2023-11-01 | Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The... |
| CVE-2023-20220 | 2023-11-01 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To... |
| CVE-2023-20264 | 2023-11-01 | A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat... |
| CVE-2023-20042 | 2023-11-01 | A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause... |
| CVE-2023-20063 | 2023-11-01 | Cisco Firepower Threat Defense Software and Cisco Firepower Management Center Code Injection Vulnerability |
| CVE-2023-5765 | 2023-11-01 | Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching. |
| CVE-2023-20170 | 2023-11-01 | A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.... |
| CVE-2023-20175 | 2023-11-01 | A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.... |
| CVE-2023-20246 | 2023-11-01 | Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This... |
| CVE-2023-5480 | 2023-11-01 | Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) |
| CVE-2023-5482 | 2023-11-01 | Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-5849 | 2023-11-01 | Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-5850 | 2023-11-01 | Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) |
| CVE-2023-5851 | 2023-11-01 | Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-5852 | 2023-11-01 | Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption... |
| CVE-2023-5853 | 2023-11-01 | Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-5854 | 2023-11-01 | Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption... |
| CVE-2023-5855 | 2023-11-01 | Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap... |
| CVE-2023-5856 | 2023-11-01 | Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap... |
| CVE-2023-5857 | 2023-11-01 | Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) |
| CVE-2023-5858 | 2023-11-01 | Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-5859 | 2023-11-01 | Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity:... |
| CVE-2023-20095 | 2023-11-01 | A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause... |
| CVE-2023-20247 | 2023-11-01 | A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to... |
| CVE-2023-20267 | 2023-11-01 | A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP... |
| CVE-2023-20083 | 2023-11-01 | A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CPU... |
| CVE-2023-5358 | 2023-11-01 | Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via... |
| CVE-2023-1192 | 2023-11-01 | Use-after-free in smb2_is_status_io_timeout() |
| CVE-2023-3397 | 2023-11-01 | Kernel: slab-use-after-free write in txend due to race condition |
| CVE-2023-46724 | 2023-11-01 | SQUID-2023:4 Denial of Service in SSL Certificate validation |
| CVE-2023-1193 | 2023-11-01 | Use-after-free in setup_async_work() |
| CVE-2023-45201 | 2023-11-01 | Online Examination System v1.0 - Multiple Open Redirects |
| CVE-2023-45202 | 2023-11-01 | Online Examination System v1.0 - Multiple Open Redirects |
| CVE-2023-45203 | 2023-11-01 | Online Examination System v1.0 - Multiple Open Redirects |
| CVE-2023-5910 | 2023-11-01 | PopojiCMS Web Config install.php cross site scripting |
| CVE-2023-31579 | 2023-11-02 | Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a JSON Web Token. This vulnerability allows attackers to authenticate to the application via... |
| CVE-2023-39042 | 2023-11-02 | An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39047 | 2023-11-02 | An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39048 | 2023-11-02 | An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39050 | 2023-11-02 | An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39051 | 2023-11-02 | An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39053 | 2023-11-02 | An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39054 | 2023-11-02 | An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39057 | 2023-11-02 | An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39283 | 2023-11-02 | An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which... |
| CVE-2023-39284 | 2023-11-02 | An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler. |
| CVE-2023-42299 | 2023-11-02 | Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function. |
| CVE-2023-43193 | 2023-11-02 | Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS. |
| CVE-2023-43194 | 2023-11-02 | Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter. |
| CVE-2023-43336 | 2023-11-02 | Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. |
| CVE-2023-46352 | 2023-11-02 | In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information... |
| CVE-2023-46475 | 2023-11-02 | A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript... |
| CVE-2023-46695 | 2023-11-02 | An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to... |
| CVE-2023-46925 | 2023-11-02 | Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-46958 | 2023-11-02 | An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. |
| CVE-2023-47204 | 2023-11-02 | Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code. |
| CVE-2023-45111 | 2023-11-02 | Online Examination System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45012 | 2023-11-02 | Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45015 | 2023-11-02 | Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45018 | 2023-11-02 | Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45019 | 2023-11-02 | Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46327 | 2023-11-02 | Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book in encrypted form, but the encryption... |
| CVE-2023-5408 | 2023-11-02 | Openshift: modification of node role labels |
| CVE-2023-46595 | 2023-11-02 | Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor |
| CVE-2023-5876 | 2023-11-02 | Regex DoS from a malicious server enrolled in Desktop |
| CVE-2023-5875 | 2023-11-02 | Lack of Hardening against media exploitation from a remote origin |
| CVE-2023-5606 | 2023-11-02 | The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it... |
| CVE-2023-5920 | 2023-11-02 | Lack Of Secure Keyboard Entry Protection in MacOS Desktop |
| CVE-2023-43087 | 2023-11-02 | Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure. |
| CVE-2023-5916 | 2023-11-02 | Lissy93 Dashy Configuration save access control |
| CVE-2023-5917 | 2023-11-02 | phpBB Smiley Pack acp_icons.php main cross site scripting |
| CVE-2023-43076 | 2023-11-02 | Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition. |
| CVE-2023-5918 | 2023-11-02 | SourceCodester Visitor Management System manage_user.php sql injection |
| CVE-2023-5860 | 2023-11-02 | The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including,... |
| CVE-2023-3164 | 2023-11-02 | Heap-buffer-overflow in extractimagesection() |
| CVE-2023-26452 | 2023-11-02 | Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent... |
| CVE-2023-26453 | 2023-11-02 | Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter... |
| CVE-2023-26454 | 2023-11-02 | Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter... |
| CVE-2023-26455 | 2023-11-02 | RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted... |
| CVE-2023-26456 | 2023-11-02 | Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site... |
| CVE-2023-29043 | 2023-11-02 | Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could... |
| CVE-2023-29044 | 2023-11-02 | Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively... |
| CVE-2023-29045 | 2023-11-02 | Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for... |
| CVE-2023-29046 | 2023-11-02 | Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be... |
| CVE-2023-29047 | 2023-11-02 | Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially... |
| CVE-2023-45323 | 2023-11-02 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45325 | 2023-11-02 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45334 | 2023-11-02 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45336 | 2023-11-02 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-5919 | 2023-11-02 | SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload |
| CVE-2023-42802 | 2023-11-02 | GLPI vulnerable to unallowed PHP script execution |
| CVE-2023-45340 | 2023-11-02 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45342 | 2023-11-02 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |