CVE List - 2023 / November
Showing 201 - 300 of 2443 CVEs for November 2023 (Page 3 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-45344 | 2023-11-02 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45341 | 2023-11-02 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45343 | 2023-11-02 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45338 | 2023-11-02 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45345 | 2023-11-02 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45346 | 2023-11-02 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-45347 | 2023-11-02 | Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46725 | 2023-11-02 | FoodCoopShop Server-Side Request Forgery vulnerability |
| CVE-2023-38469 | 2023-11-02 | Reachable assertion in avahi_dns_packet_append_record |
| CVE-2023-38470 | 2023-11-02 | Reachable assertion in avahi_escape_label |
| CVE-2023-38471 | 2023-11-02 | Reachable assertion in dbus_set_host_name |
| CVE-2023-38472 | 2023-11-02 | Reachable assertion in avahi_rdata_parse |
| CVE-2023-38473 | 2023-11-02 | Reachable assertion in avahi_alternative_host_name |
| CVE-2022-4900 | 2023-11-02 | Potential buffer overflow in php_cli_server_startup_workers |
| CVE-2023-4217 | 2023-11-02 | Session cookies attribute not set properly |
| CVE-2023-5035 | 2023-11-02 | Cookie Without Secure Flag |
| CVE-2023-5846 | 2023-11-02 | Use of Password Hash With Insufficient Computational Effort in Franklin Fueling System TS-550 |
| CVE-2023-5923 | 2023-11-02 | Campcodes Simple Student Information System index.php sql injection |
| CVE-2023-5924 | 2023-11-02 | Campcodes Simple Student Information System view_course.php sql injection |
| CVE-2023-31016 | 2023-11-02 | CVE |
| CVE-2023-31017 | 2023-11-02 | CVE |
| CVE-2023-31018 | 2023-11-02 | CVE |
| CVE-2023-31019 | 2023-11-02 | CVE |
| CVE-2023-31020 | 2023-11-02 | CVE |
| CVE-2023-31021 | 2023-11-02 | CVE |
| CVE-2023-31022 | 2023-11-02 | CVE |
| CVE-2023-31023 | 2023-11-02 | CVE |
| CVE-2023-31026 | 2023-11-02 | CVE |
| CVE-2023-31027 | 2023-11-02 | CVE |
| CVE-2023-5925 | 2023-11-02 | Campcodes Simple Student Information System Master.php sql injection |
| CVE-2023-5926 | 2023-11-02 | Campcodes Simple Student Information System update_status.php sql injection |
| CVE-2023-5927 | 2023-11-02 | Campcodes Simple Student Information System manage_course.php sql injection |
| CVE-2023-5928 | 2023-11-02 | Campcodes Simple Student Information System manage_department.php sql injection |
| CVE-2023-5929 | 2023-11-02 | Campcodes Simple Student Information System manage_academic.php sql injection |
| CVE-2023-5930 | 2023-11-02 | Campcodes Simple Student Information System manage_academic.php cross site scripting |
| CVE-2023-42027 | 2023-11-02 | IBM CICS TX cross-site request forgery |
| CVE-2023-42029 | 2023-11-02 | IBM CICS TX cross-site scripting |
| CVE-2023-43018 | 2023-11-02 | IBM CICS TX privilege escalation |
| CVE-2017-7252 | 2023-11-03 | bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext... |
| CVE-2020-28407 | 2023-11-03 | In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. |
| CVE-2023-31102 | 2023-11-03 | Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. |
| CVE-2023-34259 | 2023-11-03 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an... |
| CVE-2023-34260 | 2023-11-03 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory. |
| CVE-2023-34261 | 2023-11-03 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error. |
| CVE-2023-36620 | 2023-11-03 | An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup... |
| CVE-2023-36621 | 2023-11-03 | An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without... |
| CVE-2023-41914 | 2023-11-03 | SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. |
| CVE-2023-43982 | 2023-11-03 | Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable... |
| CVE-2023-44271 | 2023-11-03 | An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by... |
| CVE-2023-45024 | 2023-11-03 | Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. |
| CVE-2023-46404 | 2023-11-03 | PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. |
| CVE-2023-46817 | 2023-11-03 | An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize()... |
| CVE-2023-46947 | 2023-11-03 | Subrion 4.2.1 has a remote command execution vulnerability in the backend. |
| CVE-2023-46954 | 2023-11-03 | SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. |
| CVE-2023-46980 | 2023-11-03 | An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. |
| CVE-2023-38965 | 2023-11-03 | Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. |
| CVE-2023-41164 | 2023-11-03 | In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large... |
| CVE-2023-41259 | 2023-11-03 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API... |
| CVE-2023-41260 | 2023-11-03 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. |
| CVE-2023-43665 | 2023-11-03 | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of... |
| CVE-2023-45360 | 2023-11-03 | An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to... |
| CVE-2023-45362 | 2023-11-03 | An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown")... |
| CVE-2023-47233 | 2023-11-03 | The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access,... |
| CVE-2023-47234 | 2023-11-03 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks... |
| CVE-2023-47235 | 2023-11-03 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does... |
| CVE-2023-46176 | 2023-11-03 | IBM MQ privilege escalation |
| CVE-2023-36034 | 2023-11-03 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2023-36029 | 2023-11-03 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2023-36022 | 2023-11-03 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2023-35896 | 2023-11-03 | IBM Content Navigator server-side request forgery |
| CVE-2023-41343 | 2023-11-03 | Ragic No-Code Database Builder - Stored XSS |
| CVE-2023-41345 | 2023-11-03 | ASUS RT-AX55 - command injection - 1 |
| CVE-2023-41346 | 2023-11-03 | ASUS RT-AX55 - command injection - 2 |
| CVE-2023-41347 | 2023-11-03 | ASUS RT-AX55 - command injection - 3 |
| CVE-2023-41348 | 2023-11-03 | ASUS RT-AX55 - command injection - 4 |
| CVE-2023-41350 | 2023-11-03 | Chunghwa Telecom NOKIA G-040W-Q - Excessive Authentication Attempts |
| CVE-2023-41351 | 2023-11-03 | Chunghwa Telecom NOKIA G-040W-Q - Broken Access Control |
| CVE-2023-41352 | 2023-11-03 | Chunghwa Telecom NOKIA G-040W-Q - Command Injection |
| CVE-2023-41353 | 2023-11-03 | Chunghwa Telecom NOKIA G-040W-Q - Weak Password Requirements |
| CVE-2023-41354 | 2023-11-03 | Chunghwa Telecom NOKIA G-040W-Q - Exposure of Sensitive Information |
| CVE-2023-41355 | 2023-11-03 | Chunghwa Telecom NOKIA G-040W-Q - Improper Input Validation |
| CVE-2023-41344 | 2023-11-03 | NCSIST ManageEngine MDM - Path Traversal |
| CVE-2023-41357 | 2023-11-03 | Galaxy Software Services Vitals ESP - Arbitrary File Upload |
| CVE-2023-41356 | 2023-11-03 | WisdomGarden Tronclass ilearn - Path Traversal |
| CVE-2023-5948 | 2023-11-03 | Improper Authorization in teamamaze/amazefileutilities |
| CVE-2023-5763 | 2023-11-03 | Glassfish remote code execution |
| CVE-2023-46846 | 2023-11-03 | Squid: request/response smuggling in http/1.1 and icap |
| CVE-2023-1194 | 2023-11-03 | Use-after-free in parse_lease_state() |
| CVE-2023-4091 | 2023-11-03 | Samba: smb clients can truncate files with read-only permissions |
| CVE-2023-5824 | 2023-11-03 | Squid: dos against http and https |
| CVE-2023-42670 | 2023-11-03 | Samba: ad dc busy rpc multiple listener dos |
| CVE-2023-46848 | 2023-11-03 | Squid: denial of service in ftp |
| CVE-2023-46847 | 2023-11-03 | Squid: denial of service in http digest authentication |
| CVE-2023-1476 | 2023-11-03 | Kpatch: mm/mremap.c: incomplete fix for cve-2022-41222 |
| CVE-2023-4043 | 2023-11-03 | Parsson DoS when parsing numbers from untrusted sources |
| CVE-2023-4767 | 2023-11-03 | Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central |
| CVE-2023-4768 | 2023-11-03 | Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central |
| CVE-2023-4769 | 2023-11-03 | Server-Side Request Forgery in ManageEngine Desktop Central |
| CVE-2023-4591 | 2023-11-03 | Inclusion of Functionality from Untrusted Control Sphere in WPN-XM Serverstack |
| CVE-2023-4592 | 2023-11-03 | Improper Neutralization of Input During Web Page Generation in WPN-XM Serverstack |