CVE List - 2023 / November
Showing 501 - 600 of 2443 CVEs for November 2023 (Page 6 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-28554 | 2023-11-07 | Buffer Over-read in Qualcomm IPC |
| CVE-2023-28556 | 2023-11-07 | Improper Authorization in HLOS |
| CVE-2023-28563 | 2023-11-07 | Buffer Over-read in IOE Firmware |
| CVE-2023-28566 | 2023-11-07 | Buffer Over-read in WLAN HAL |
| CVE-2023-28568 | 2023-11-07 | Buffer Over-read in WLAN HAL |
| CVE-2023-28569 | 2023-11-07 | Buffer Over-read in WLAN HAL |
| CVE-2023-28570 | 2023-11-07 | Buffer Copy without Checking Size of Input in Audio |
| CVE-2023-28572 | 2023-11-07 | Buffer Over-read in WLAN HOST |
| CVE-2023-28574 | 2023-11-07 | Improper Input Validation in Core |
| CVE-2023-33031 | 2023-11-07 | Buffer Copy Without Checking Size of Input in Automotive Audio |
| CVE-2023-33045 | 2023-11-07 | Buffer Copy Without Checking Size of Input in WLAN Firmware |
| CVE-2023-33047 | 2023-11-07 | Buffer Over-read in WLAN Firmware |
| CVE-2023-33048 | 2023-11-07 | Buffer over-read in WLAN Firmware |
| CVE-2023-33055 | 2023-11-07 | Buffer Copy Without Checking Size of Input in Audio |
| CVE-2023-33056 | 2023-11-07 | NULL Pointer dereference in WLAN Firmware |
| CVE-2023-33059 | 2023-11-07 | Buffer Copy Without Checking Size of Input in Audio |
| CVE-2023-33061 | 2023-11-07 | Buffer Over-read in WLAN Firmware |
| CVE-2023-33074 | 2023-11-07 | Use After Free in Audio |
| CVE-2019-25156 | 2023-11-07 | dstar2018 Agency search.php cross site scripting |
| CVE-2023-41723 | 2023-11-07 | A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the... |
| CVE-2023-38547 | 2023-11-07 | A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote... |
| CVE-2023-38549 | 2023-11-07 | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by... |
| CVE-2023-38548 | 2023-11-07 | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by... |
| CVE-2023-5076 | 2023-11-07 | The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and... |
| CVE-2023-46845 | 2023-11-07 | EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of... |
| CVE-2023-30739 | 2023-11-07 | Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-42527 | 2023-11-07 | Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information. |
| CVE-2023-42528 | 2023-11-07 | Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-42529 | 2023-11-07 | Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code. |
| CVE-2023-42530 | 2023-11-07 | Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction. |
| CVE-2023-42531 | 2023-11-07 | Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release 1 allows local attackers to bypass restrictions on starting activities from the background. |
| CVE-2023-42532 | 2023-11-07 | Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release 1 allows remote attacker to intercept the network traffic including Firmware information. |
| CVE-2023-42533 | 2023-11-07 | Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel. |
| CVE-2023-42534 | 2023-11-07 | Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. |
| CVE-2023-42535 | 2023-11-07 | Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-42536 | 2023-11-07 | An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write. |
| CVE-2023-42537 | 2023-11-07 | An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write. |
| CVE-2023-42538 | 2023-11-07 | An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write. |
| CVE-2023-42539 | 2023-11-07 | PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data. |
| CVE-2023-42540 | 2023-11-07 | Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent. |
| CVE-2023-42541 | 2023-11-07 | Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. |
| CVE-2023-42542 | 2023-11-07 | Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device. |
| CVE-2023-42543 | 2023-11-07 | Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege. |
| CVE-2023-42544 | 2023-11-07 | Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. |
| CVE-2023-42545 | 2023-11-07 | Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to... |
| CVE-2023-42546 | 2023-11-07 | Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. |
| CVE-2023-42547 | 2023-11-07 | Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. |
| CVE-2023-42548 | 2023-11-07 | Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. |
| CVE-2023-42549 | 2023-11-07 | Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. |
| CVE-2023-42550 | 2023-11-07 | Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. |
| CVE-2023-42551 | 2023-11-07 | Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. |
| CVE-2023-42552 | 2023-11-07 | Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the... |
| CVE-2023-42553 | 2023-11-07 | Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. |
| CVE-2023-42554 | 2023-11-07 | Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication. |
| CVE-2023-42555 | 2023-11-07 | Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device. |
| CVE-2023-46851 | 2023-11-07 | Apache Allura: sensitive information exposure via import |
| CVE-2023-47510 | 2023-11-07 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSolutions-HQ WPDBSpringClean plugin <= 1.6 versions. |
| CVE-2021-4431 | 2023-11-07 | msyk FMDataAPI FMDataAPI_Sample.php cross site scripting |
| CVE-2023-5743 | 2023-11-07 | The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient input... |
| CVE-2023-5506 | 2023-11-07 | The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmap_delete_area_ajax' function in versions up to, and including, 1.2.6. This... |
| CVE-2023-5658 | 2023-11-07 | The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_mapit' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization... |
| CVE-2023-5975 | 2023-11-07 | The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on multiple functions.... |
| CVE-2023-5507 | 2023-11-07 | The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on... |
| CVE-2023-5532 | 2023-11-07 | The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmap_save_area_title'... |
| CVE-2023-46819 | 2023-11-07 | Apache OFBiz: Execution of Solr plugin queries without authentication |
| CVE-2023-5669 | 2023-11-07 | The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to... |
| CVE-2023-5577 | 2023-11-07 | The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and... |
| CVE-2023-5703 | 2023-11-07 | The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including,... |
| CVE-2023-5659 | 2023-11-07 | The Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interact-quiz' shortcode in all versions up to, and including, 3.0.7... |
| CVE-2023-5709 | 2023-11-07 | The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied... |
| CVE-2023-5661 | 2023-11-07 | The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization... |
| CVE-2023-4842 | 2023-11-07 | The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social_warfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input... |
| CVE-2023-5567 | 2023-11-07 | The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output... |
| CVE-2023-5660 | 2023-11-07 | The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and... |
| CVE-2023-4888 | 2023-11-07 | The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and... |
| CVE-2023-0436 | 2023-11-07 | Secret logging may occur in debug mode of Atlas Operator |
| CVE-2022-45350 | 2023-11-07 | WordPress Simple History Plugin <= 3.3.1 is vulnerable to CSV Injection |
| CVE-2022-47442 | 2023-11-07 | WordPress UsersWP Plugin <= 1.2.3.9 is vulnerable to CSV Injection |
| CVE-2023-25983 | 2023-11-07 | WordPress KB Support Plugin <= 1.5.84 is vulnerable to CSV Injection |
| CVE-2023-42659 | 2023-11-07 | WS_FTP Server Arbitrary File Upload |
| CVE-2023-5179 | 2023-11-07 | An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds... |
| CVE-2023-4272 | 2023-11-07 | Mali GPU Kernel Driver exposes sensitive data from freed memory |
| CVE-2023-3889 | 2023-11-07 | Mali GPU Kernel Driver exposes sensitive data from freed memory |
| CVE-2023-22719 | 2023-11-07 | WordPress GiveWP Plugin <= 2.25.1 is vulnerable to CSV Injection |
| CVE-2023-4295 | 2023-11-07 | Mali GPU Kernel Driver allows improper GPU memory processing operations |
| CVE-2022-45357 | 2023-11-07 | WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to CSV Injection |
| CVE-2023-23678 | 2023-11-07 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Plugin <= 2.2.5 is vulnerable to CSV Injection |
| CVE-2023-23796 | 2023-11-07 | WordPress Form Builder Plugin <= 1.9.9.0 is vulnerable to CSV Injection |
| CVE-2023-36527 | 2023-11-07 | WordPress Post to CSV by BestWebSoft Plugin <= 1.4.0 is vulnerable to CSV Injection |
| CVE-2022-46802 | 2023-11-07 | WordPress Product Reviews Import Export for WooCommerce Plugin <= 1.4.8 is vulnerable to CSV Injection |
| CVE-2022-46801 | 2023-11-07 | WordPress Site Reviews Plugin <= 6.2.0 is vulnerable to CSV Injection |
| CVE-2023-0898 | 2023-11-07 | Uncontrolled Search Path Element in GE MiCOM S1 Agile |
| CVE-2022-46809 | 2023-11-07 | WordPress ReviewX Plugin <= 1.6.7 is vulnerable to CSV Injection |
| CVE-2022-46803 | 2023-11-07 | WordPress Noptin Plugin <= 1.9.5 is vulnerable to CSV Injection |
| CVE-2022-46804 | 2023-11-07 | WordPress Export Users Data Distinct Plugin <= 1.3 is vulnerable to CSV Injection |
| CVE-2022-46821 | 2023-11-07 | WordPress Emails & Newsletters with Jackmail Plugin <= 1.2.22 is vulnerable to CSV Injection |
| CVE-2022-45810 | 2023-11-07 | WordPress Email Subscribers & Newsletters Plugin <= 5.5.2 is vulnerable to CSV Injection |
| CVE-2022-45348 | 2023-11-07 | WordPress amr users Plugin <= 4.59.4 is vulnerable to CSV Injection |
| CVE-2022-45370 | 2023-11-07 | WordPress WordPress Comments Import & Export Plugin <= 2.3.1 is vulnerable to CSV Injection |
| CVE-2022-45360 | 2023-11-07 | WordPress Commenter Emails Plugin <= 2.6.1 is vulnerable to CSV Injection |