Lista CVE - 2023 / Novembre
Visualizzazione 601 - 700 di 2443 CVE per Novembre 2023 (Pagina 7 di 25)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2022-45078 | 2023-11-07 | WordPress User Blocker Plugin <= 1.5.5 is vulnerable to CSV Injection |
| CVE-2022-44738 | 2023-11-07 | WordPress Posts and Users Stats Plugin <= 1.1.3 is vulnerable to CSV Injection |
| CVE-2022-42882 | 2023-11-07 | WordPress Simple CSV/XLS Exporter Plugin <= 1.5.8 is vulnerable to CSV Injection |
| CVE-2022-38702 | 2023-11-07 | WordPress WP CSV Exporter Plugin <= 2.0 is vulnerable to CSV Injection |
| CVE-2022-41616 | 2023-11-07 | WordPress Export Users Data CSV Plugin <= 2.1 is vulnerable to CSV Injection |
| CVE-2023-41798 | 2023-11-07 | WordPress Directorist Plugin <= 7.7.1 is vulnerable to CSV Injection |
| CVE-2023-46744 | 2023-11-07 | Stored Cross-site Scripting in Squidex |
| CVE-2022-47181 | 2023-11-07 | WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32966 | 2023-11-07 | WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Request Forgery (CSRF) leading to Stored XSS |
| CVE-2023-46737 | 2023-11-07 | Possible endless data attack from attacker-controlled registry in cosign |
| CVE-2023-28499 | 2023-11-07 | WordPress Slide Anything Plugin <= 2.4.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46730 | 2023-11-07 | Server-Side Request Forgery in groupoffice |
| CVE-2023-5998 | 2023-11-07 | Out-of-bounds Read in gpac/gpac |
| CVE-2023-46253 | 2023-11-07 | Remote code execution in Squidex |
| CVE-2023-46252 | 2023-11-07 | Cross-Site Scripting (XSS) via postMessage Handler in Squidex |
| CVE-2023-5309 | 2023-11-07 | Broken Session Management in Puppet Enterprise |
| CVE-2023-46244 | 2023-11-07 | Privilege escalation in Xwiki platform |
| CVE-2023-46242 | 2023-11-07 | Code injection in XWiki Platform |
| CVE-2023-46243 | 2023-11-07 | Code execution via the edit action in XWiki platform |
| CVE-2023-4956 | 2023-11-07 | Quay: clickjacking on config-editor page severity |
| CVE-2023-4154 | 2023-11-07 | Samba: ad dc password exposure to privileged users and rodcs |
| CVE-2023-5818 | 2023-11-07 | The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-5819 | 2023-11-07 | The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping.... |
| CVE-2023-5982 | 2023-11-07 | The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack... |
| CVE-2023-46677 | 2023-11-07 | Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46679 | 2023-11-07 | Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46785 | 2023-11-07 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46787 | 2023-11-07 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46788 | 2023-11-07 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46789 | 2023-11-07 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46793 | 2023-11-07 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46800 | 2023-11-07 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-6001 | 2023-11-07 | Prometheus Metrics Accessible Pre-Authentication |
| CVE-2023-6002 | 2023-11-07 | Log Injection |
| CVE-2021-43609 | 2023-11-08 | An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary... |
| CVE-2023-29974 | 2023-11-08 | An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. |
| CVE-2023-36667 | 2023-11-08 | Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. |
| CVE-2023-37790 | 2023-11-08 | Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. |
| CVE-2023-41111 | 2023-11-08 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123,... |
| CVE-2023-41112 | 2023-11-08 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123,... |
| CVE-2023-45857 | 2023-11-08 | An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing... |
| CVE-2023-45875 | 2023-11-08 | An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster. |
| CVE-2023-46362 | 2023-11-08 | jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc. |
| CVE-2023-46363 | 2023-11-08 | jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512. |
| CVE-2023-46483 | 2023-11-08 | Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive information via a crafted payload to the remark parameter of the New Zone function. |
| CVE-2023-47379 | 2023-11-08 | Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality. |
| CVE-2023-47397 | 2023-11-08 | WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. |
| CVE-2023-4061 | 2023-11-08 | Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor |
| CVE-2023-5801 | 2023-11-08 | Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2023-46768 | 2023-11-08 | Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-46769 | 2023-11-08 | Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-46770 | 2023-11-08 | Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users' mobile phones. |
| CVE-2023-44115 | 2023-11-08 | Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-41270 | 2023-11-08 | Samsung Smart TV UE40D7000 WPS DoS attack |
| CVE-2023-39913 | 2023-11-08 | Apache UIMA Java SDK Core, Apache UIMA Java SDK CPE, Apache UIMA Java SDK Vinci adapter, Apache UIMA Java SDK tools: Potential untrusted code execution when deserializing certain binary CAS formats |
| CVE-2023-5941 | 2023-11-08 | libc stdio buffer overflow |
| CVE-2023-5978 | 2023-11-08 | Incorrect libcap_net limitation list manipulation |
| CVE-2023-44098 | 2023-11-08 | Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-46771 | 2023-11-08 | Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-46772 | 2023-11-08 | Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data. |
| CVE-2022-48613 | 2023-11-08 | Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed. |
| CVE-2023-46774 | 2023-11-08 | Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. |
| CVE-2023-46765 | 2023-11-08 | Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. |
| CVE-2023-46766 | 2023-11-08 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. |
| CVE-2023-46767 | 2023-11-08 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. |
| CVE-2023-46760 | 2023-11-08 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. |
| CVE-2023-46761 | 2023-11-08 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. |
| CVE-2023-46762 | 2023-11-08 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. |
| CVE-2023-46763 | 2023-11-08 | Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously. |
| CVE-2023-46764 | 2023-11-08 | Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously. |
| CVE-2023-46755 | 2023-11-08 | Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart. |
| CVE-2023-46756 | 2023-11-08 | Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows. |
| CVE-2023-46757 | 2023-11-08 | The remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2023-46758 | 2023-11-08 | Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. |
| CVE-2023-46759 | 2023-11-08 | Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-6012 | 2023-11-08 | Incorrect input data validation in Lanaccess ONSAFE MonitorHM Web Console |
| CVE-2023-46613 | 2023-11-08 | WordPress Add to Calendar Button Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46621 | 2023-11-08 | WordPress User Avatar Plugin <= 1.4.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5136 | 2023-11-08 | Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX |
| CVE-2023-45140 | 2023-11-08 | Group-based JIT MFA bypass on scp and sftp in The Bastion |
| CVE-2023-35767 | 2023-11-08 | Unauthenticated Remote Denial-of-Service via Shutdown Function in Helix Core |
| CVE-2023-46626 | 2023-11-08 | WordPress FLOWFACT WP Connector Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47107 | 2023-11-08 | PILOS account takeover through password reset poisoning |
| CVE-2023-45849 | 2023-11-08 | Arbitrary Code Execution in Helix Core |
| CVE-2023-45319 | 2023-11-08 | Unauthenticated Remote Denial-of-Service (Commit) in Helix Core |
| CVE-2023-5759 | 2023-11-08 | Unauthenticated Remote Denial-of-Service via Buffer in Helix Core |
| CVE-2023-32298 | 2023-11-08 | WordPress Simple User Listing Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46627 | 2023-11-08 | WordPress WP Simple HTML Sitemap Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46640 | 2023-11-08 | WordPress Medialist Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46642 | 2023-11-08 | WordPress SAHU TikTok Pixel for E-Commerce Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46643 | 2023-11-08 | WordPress Download CloudNet360 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5760 | 2023-11-08 | Time-of-check to time-of-use (TOCTOU) bug leads to full local privilege escalation. |
| CVE-2023-5913 | 2023-11-08 | A potential Privilege Escalation vulnerability in opentext Fortify ScanCentral DAST API. |
| CVE-2023-3282 | 2023-11-08 | Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine |
| CVE-2023-47181 | 2023-11-08 | WordPress IdeaPush Plugin <= 8.52 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47190 | 2023-11-08 | WordPress Apollo13 Framework Extensions Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47223 | 2023-11-08 | WordPress Basic Interactive World Map Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47226 | 2023-11-08 | WordPress Post Sliders & Post Grids Plugin <= 1.0.20 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47227 | 2023-11-08 | WordPress Social Feed | All social media in one place Plugin <= 1.5.4.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47228 | 2023-11-08 | WordPress Layer Slider Plugin <= 1.1.9.7 is vulnerable to Cross Site Scripting (XSS) |