CVE List - 2023 / November
Showing 2401 - 2443 of 2443 CVEs for November 2023 (Page 25 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-48272 | 2023-11-30 | WordPress Maspik – Spam blacklist Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47877 | 2023-11-30 | WordPress Perfmatters Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47876 | 2023-11-30 | WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47872 | 2023-11-30 | WordPress wpForo Forum Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47853 | 2023-11-30 | WordPress myCred Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47848 | 2023-11-30 | WordPress Tainacan Plugin <= 0.20.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-31176 | 2023-11-30 | Insufficient entropy vulnerability could lead to authentication bypass |
| CVE-2023-31177 | 2023-11-30 | Improper neutralization of input could lead to execution of arbitrary code |
| CVE-2023-34388 | 2023-11-30 | Improper authentication could lead to session hijacking |
| CVE-2023-47844 | 2023-11-30 | WordPress Grab & Save Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34389 | 2023-11-30 | Allocation of resources without limits could lead to denial of service |
| CVE-2023-34390 | 2023-11-30 | Improper input validation could lead to denial of service |
| CVE-2023-2264 | 2023-11-30 | Improper input validation could lead to code injection |
| CVE-2023-2265 | 2023-11-30 | Improper restriction of rendered UI layers or frames could lead to clickjacking attack |
| CVE-2023-38400 | 2023-11-30 | WordPress Enfold Theme <= 5.6.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2266 | 2023-11-30 | Improper neutralization of input during web page generation could lead to cross-site scripting based attacks |
| CVE-2023-2267 | 2023-11-30 | Improper input validation could lead to reflection injection attacks |
| CVE-2023-47521 | 2023-11-30 | WordPress Q2W3 Post Order Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-6438 | 2023-11-30 | Thecosy IceCMS Like improper enforcement of a single, unique action |
| CVE-2023-34018 | 2023-11-30 | WordPress SoundCloud Shortcode Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47870 | 2023-11-30 | WordPress wpForo Forum Plugin <= 2.2.6 is vulnerable to Broken Access Control and Cross Site Request Forgery (CSRF) |
| CVE-2023-6342 | 2023-11-30 | Tyler Technologies Court Case Management Plus "pay for print" allows authentication bypass |
| CVE-2023-6341 | 2023-11-30 | Catalis CM360 allows authentication bypass |
| CVE-2023-6343 | 2023-11-30 | Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allows authentication bypass |
| CVE-2023-6344 | 2023-11-30 | Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server te003.aspx and te004.aspx allows authentication bypass |
| CVE-2023-6353 | 2023-11-30 | Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass |
| CVE-2023-6354 | 2023-11-30 | Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass |
| CVE-2023-6375 | 2023-11-30 | Tyler Technologies Magistrate Court Case Management Plus stores backups insecurely |
| CVE-2023-6376 | 2023-11-30 | Henschen & Associates court document management software cache uses predictable file names |
| CVE-2023-6352 | 2023-11-30 | Aquaforest TIFF Server default configuration allows access to arbitrary files |
| CVE-2023-6439 | 2023-11-30 | ZenTao PMS cross site scripting |
| CVE-2023-6440 | 2023-11-30 | SourceCodester Book Borrower System add-book.php cross site scripting |
| CVE-2023-6442 | 2023-11-30 | PHPGurukul Nipah Virus Testing Management System add-phlebotomist.php cross site scripting |
| CVE-2023-49735 | 2023-11-30 | Apache Tiles: Unvalidated input may lead to path traversal and XXE |
| CVE-2023-5908 | 2023-11-30 | Heap Based Buffer Overflow in PTC KEPServerEx |
| CVE-2023-39226 | 2023-11-30 | Delta Electronics InfraSuite Device Master Exposed Dangerous Method Or Function |
| CVE-2023-5909 | 2023-11-30 | Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx |
| CVE-2023-46690 | 2023-11-30 | Delta Electronics InfraSuite Device Master Path Traversal |
| CVE-2023-47207 | 2023-11-30 | Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data |
| CVE-2023-47279 | 2023-11-30 | Delta Electronics InfraSuite Device Master Path Traversal |
| CVE-2023-42916 | 2023-11-30 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive... |
| CVE-2023-42917 | 2023-11-30 | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to... |
| CVE-2023-43453 | 2023-12-01 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. |
| CVE-2023-43454 | 2023-12-01 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. |
| CVE-2023-43455 | 2023-12-01 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. |
| CVE-2023-45252 | 2023-12-01 | DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users,... |
| CVE-2023-45253 | 2023-12-01 | An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library. |
| CVE-2023-48016 | 2023-12-01 | Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. |
| CVE-2023-48801 | 2023-12-01 | In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a... |
| CVE-2023-48813 | 2023-12-01 | Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. |
| CVE-2023-48886 | 2023-12-01 | A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request. |
| CVE-2023-48887 | 2023-12-01 | A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. |
| CVE-2023-48893 | 2023-12-01 | SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. |
| CVE-2023-49371 | 2023-12-01 | RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. |
| CVE-2023-48842 | 2023-12-01 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. |
| CVE-2023-43089 | 2023-12-01 | Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of... |
| CVE-2023-5915 | 2023-12-01 | A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow a remote attacker to cause a denial-of-service condition to... |
| CVE-2023-5995 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-6033 | 2023-12-01 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2023-5226 | 2023-12-01 | Improper Control of Generation of Code ('Code Injection') in GitLab |
| CVE-2023-4912 | 2023-12-01 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2023-4658 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-4317 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-3949 | 2023-12-01 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-3964 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-3443 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-5427 | 2023-12-01 | Mali GPU Kernel Driver allows improper GPU processing operations |
| CVE-2023-6449 | 2023-12-01 | The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function... |
| CVE-2023-5634 | 2023-12-01 | SQLi in ArslanSoft's Education Portal |
| CVE-2023-5635 | 2023-12-01 | User Enumeration in ArslanSoft's Education Portal |
| CVE-2023-6461 | 2023-12-01 | Cross-site Scripting (XSS) - Reflected in viliusle/minipaint |
| CVE-2023-5637 | 2023-12-01 | Plaintext Storage of a Password in ArslanSoft's Education Portal |
| CVE-2023-5636 | 2023-12-01 | Malicious File Upload in ArslanSoft's Education Portal |
| CVE-2023-28895 | 2023-12-01 | Hard-coded password for access to power controller chip memory |
| CVE-2023-28896 | 2023-12-01 | Weak encoding for password in UDS services |
| CVE-2023-45168 | 2023-12-01 | IBM AIX command execution |
| CVE-2023-4518 | 2023-12-01 | A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order... |
| CVE-2023-42006 | 2023-12-01 | IBM i information disclosure |
| CVE-2023-26024 | 2023-12-01 | IBM Planning Analytics on Cloud Pak for Data information disclosure |
| CVE-2023-38268 | 2023-12-01 | IBM InfoSphere Information Server cross-site request forgery |
| CVE-2023-43015 | 2023-12-01 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-49277 | 2023-12-01 | Reflected Cross-site Scripting Vulnerability in dpaste |
| CVE-2023-42009 | 2023-12-01 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-43021 | 2023-12-01 | IBM InfoSphere Information Server information disclosure |
| CVE-2023-42022 | 2023-12-01 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-40699 | 2023-12-01 | IBM InfoSphere Information Server denial of service |
| CVE-2023-42019 | 2023-12-01 | IBM InfoSphere Information Server information disclosure |
| CVE-2023-46174 | 2023-12-01 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-6462 | 2023-12-01 | SourceCodester User Registration and Login System delete-user.php cross site scripting |
| CVE-2023-44402 | 2023-12-01 | ASAR Integrity bypass via filetype confusion in electron |
| CVE-2023-44382 | 2023-12-01 | October CMS safe mode bypass using Twig sandbox escape |
| CVE-2023-44381 | 2023-12-01 | October CMS safe mode bypass using Page template injection |
| CVE-2023-46746 | 2023-12-01 | Authenticated PostHog users vulnerable to SSRF |
| CVE-2023-48314 | 2023-12-01 | Unescaped passing of the request URL in Collabora Online |
| CVE-2023-49276 | 2023-12-01 | Attribute Injection leading to XSS (Cross-Site-Scripting) in uptime-kuma |
| CVE-2023-49281 | 2023-12-01 | Open Redirect in Login Function of Calendarinho |
| CVE-2023-6463 | 2023-12-01 | SourceCodester User Registration and Login System add-user.php cross site scripting |
| CVE-2023-49914 | 2023-12-02 | InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that... |
| CVE-2023-39256 | 2023-12-02 | Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an... |
| CVE-2023-39257 | 2023-12-02 | Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an... |