CVE List - 2023 / December
Showing 901 - 1000 of 2673 CVEs for December 2023 (Page 10 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-48615 | 2023-12-12 | An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information. |
| CVE-2022-48616 | 2023-12-12 | A Huawei data communication product has a command injection vulnerability. Successful exploitation of this vulnerability may allow attackers to gain higher privileges. |
| CVE-2023-45847 | 2023-12-12 | Playbook Plugin Crash via Run Checklist |
| CVE-2023-49874 | 2023-12-12 | IDOR when updating the tasks of a private playbook run |
| CVE-2023-46701 | 2023-12-12 | Inaccessible Post Information Leak via Run Timeline IDOR |
| CVE-2023-49809 | 2023-12-12 | Todo plugin gets crashed and disabled by member |
| CVE-2023-49607 | 2023-12-12 | Playbook plugin crash via missing interface type assertion |
| CVE-2023-6547 | 2023-12-12 | Playbooks access/modification by removed team member |
| CVE-2023-45316 | 2023-12-12 | Reflected client side path traversal leading to CSRF in Playbooks |
| CVE-2023-48677 | 2023-12-12 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build... |
| CVE-2023-49695 | 2023-12-12 | OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command... |
| CVE-2023-41963 | 2023-12-12 | Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. |
| CVE-2023-49140 | 2023-12-12 | Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. |
| CVE-2023-49143 | 2023-12-12 | Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. |
| CVE-2023-49713 | 2023-12-12 | Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. |
| CVE-2023-4932 | 2023-12-12 | Reflected Cross-Site Scripting in SAS 9.4 |
| CVE-2023-4958 | 2023-12-12 | Stackrox: missing http security headers allows for clickjacking in web ui |
| CVE-2022-42784 | 2023-12-12 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions >= V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions >= V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1)... |
| CVE-2023-6727 | 2023-12-12 | Leak Inaccessible Playbook Information via Channel Action IDOR |
| CVE-2022-46141 | 2023-12-12 | A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access... |
| CVE-2022-47374 | 2023-12-12 | A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU... |
| CVE-2022-47375 | 2023-12-12 | A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU... |
| CVE-2023-38380 | 2023-12-12 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1... |
| CVE-2023-46156 | 2023-12-12 | Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal... |
| CVE-2023-46281 | 2023-12-12 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions... |
| CVE-2023-46282 | 2023-12-12 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions... |
| CVE-2023-46283 | 2023-12-12 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions... |
| CVE-2023-46284 | 2023-12-12 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions... |
| CVE-2023-46285 | 2023-12-12 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions... |
| CVE-2023-48427 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could... |
| CVE-2023-48428 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious... |
| CVE-2023-48429 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain... |
| CVE-2023-48430 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain... |
| CVE-2023-48431 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by a UMC server. An attacker... |
| CVE-2023-49691 | 2023-12-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2023-49692 | 2023-12-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2023-6193 | 2023-12-12 | Unbounded queuing of path validation messages in cloudflare-quiche |
| CVE-2023-6593 | 2023-12-12 | Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data... |
| CVE-2023-4421 | 2023-12-12 | The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the... |
| CVE-2023-38694 | 2023-12-12 | Umbraco CMS vulnerable to possible injection of HTML in an unintended form |
| CVE-2023-48227 | 2023-12-12 | Umbraco CMS Backoffice User can bypass "Publish" restriction |
| CVE-2023-48313 | 2023-12-12 | Umbraco contains a DOM-XSS |
| CVE-2023-49923 | 2023-12-12 | Enterprise Search Insertion of Sensitive Information into Log File |
| CVE-2023-20275 | 2023-12-12 | A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send... |
| CVE-2023-36696 | 2023-12-12 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2023-36391 | 2023-12-12 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
| CVE-2023-36020 | 2023-12-12 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-36009 | 2023-12-12 | Microsoft Word Information Disclosure Vulnerability |
| CVE-2023-36011 | 2023-12-12 | Win32k Elevation of Privilege Vulnerability |
| CVE-2023-35625 | 2023-12-12 | Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability |
| CVE-2023-21740 | 2023-12-12 | Windows Media Remote Code Execution Vulnerability |
| CVE-2023-36019 | 2023-12-12 | Microsoft Power Platform Connector Spoofing Vulnerability |
| CVE-2023-36010 | 2023-12-12 | Microsoft Defender Denial of Service Vulnerability |
| CVE-2023-36012 | 2023-12-12 | DHCP Server Service Information Disclosure Vulnerability |
| CVE-2023-36003 | 2023-12-12 | XAML Diagnostics Elevation of Privilege Vulnerability |
| CVE-2023-36004 | 2023-12-12 | Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability |
| CVE-2023-36005 | 2023-12-12 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2023-36006 | 2023-12-12 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2023-35638 | 2023-12-12 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2023-35639 | 2023-12-12 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
| CVE-2023-35641 | 2023-12-12 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability |
| CVE-2023-35642 | 2023-12-12 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2023-35643 | 2023-12-12 | DHCP Server Service Information Disclosure Vulnerability |
| CVE-2023-35644 | 2023-12-12 | Windows Sysmain Service Elevation of Privilege Vulnerability |
| CVE-2023-35628 | 2023-12-12 | Windows MSHTML Platform Remote Code Execution Vulnerability |
| CVE-2023-35629 | 2023-12-12 | Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability |
| CVE-2023-35630 | 2023-12-12 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability |
| CVE-2023-35631 | 2023-12-12 | Win32k Elevation of Privilege Vulnerability |
| CVE-2023-35632 | 2023-12-12 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2023-35633 | 2023-12-12 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-35634 | 2023-12-12 | Windows Bluetooth Driver Remote Code Execution Vulnerability |
| CVE-2023-35635 | 2023-12-12 | Windows Kernel Denial of Service Vulnerability |
| CVE-2023-35636 | 2023-12-12 | Microsoft Outlook Information Disclosure Vulnerability |
| CVE-2023-35619 | 2023-12-12 | Microsoft Outlook for Mac Spoofing Vulnerability |
| CVE-2023-35621 | 2023-12-12 | Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability |
| CVE-2023-35622 | 2023-12-12 | Windows DNS Spoofing Vulnerability |
| CVE-2023-35624 | 2023-12-12 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2023-49922 | 2023-12-12 | Beats Insertion of Sensitive Information into Log File |
| CVE-2023-6687 | 2023-12-12 | Elastic Agent Insertion of Sensitive Information into Log File |
| CVE-2023-49089 | 2023-12-12 | Umbraco CMS possible path traversal when creating packages from backoffice |
| CVE-2023-49273 | 2023-12-12 | Umbraco CMS vulnerable to Privilege Escalation using Spoofing |
| CVE-2023-49274 | 2023-12-12 | Umbraco CMS SMTP misconfiguration exposes potential registered user email |
| CVE-2023-49278 | 2023-12-12 | Umbraco CMS brute force exploit can be used to collect valid usernames |
| CVE-2023-49279 | 2023-12-12 | Umbraco CMS vulnerable to stored XSS via SVG File Upload |
| CVE-2023-41337 | 2023-12-12 | h2o vulnerable to TLS session resumption misdirection |
| CVE-2023-34064 | 2023-12-12 | Privilege Escalation Vulnerability |
| CVE-2023-50247 | 2023-12-12 | h2o QUIC state exhaustion DoS |
| CVE-2023-48225 | 2023-12-12 | Laf env causes sensitive information disclosure |
| CVE-2023-50251 | 2023-12-12 | php-svg-lib possible DoS caused by infinite recursion when parsing SVG document |
| CVE-2023-50252 | 2023-12-12 | php-svg-lib unsafe attributes merge when parsing `use` tag |
| CVE-2023-5379 | 2023-12-12 | Undertow: ajp request closes connection exceeding maxrequestsize |
| CVE-2023-5764 | 2023-12-12 | Ansible: template injection |
| CVE-2023-6710 | 2023-12-12 | Mod_cluster/mod_proxy_cluster: stored cross site scripting |
| CVE-2023-50263 | 2023-12-12 | Nautobot allows unauthenticated db-file-storage views |
| CVE-2023-3517 | 2023-12-12 | Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection') |
| CVE-2023-40921 | 2023-12-13 | SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters. |
| CVE-2023-41618 | 2023-12-13 | Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft. |
| CVE-2023-41621 | 2023-12-13 | A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php. |
| CVE-2023-42483 | 2023-12-13 | A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a system. |
| CVE-2023-43122 | 2023-12-13 | Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the Bootloader. |