CVE List - 2023 / December
Showing 1701 - 1800 of 2673 CVEs for December 2023 (Page 18 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5348 | 2023-12-18 | Product Catalog Enquiry for WooCommerce < 5.0.3 - Unauthenticated Stored XSS via Arbitrary Setting Update |
| CVE-2023-6289 | 2023-12-18 | Swift Performance Lite <= 2.3.6.14 - Unauthenticated Configuration Export |
| CVE-2023-6295 | 2023-12-18 | so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion |
| CVE-2023-6077 | 2023-12-18 | Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access |
| CVE-2023-5949 | 2023-12-18 | SmartCrawl WordPress SEO checker < 3.8.3 - Unauthenticated Password Protected Post Disclosure |
| CVE-2023-4724 | 2023-12-18 | WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE |
| CVE-2023-5882 | 2023-12-18 | WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF |
| CVE-2023-40691 | 2023-12-18 | IBM Cloud Pak for Business Automation information disclosure |
| CVE-2023-48768 | 2023-12-18 | WordPress Quantity Plus Minus Button for WooCommerce by CodeAstrology Plugin <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6355 | 2023-12-18 | Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior... |
| CVE-2023-48769 | 2023-12-18 | WordPress Chat Bubble Plugin <= 2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22439 | 2023-12-18 | Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service... |
| CVE-2023-48772 | 2023-12-18 | WordPress Prevent Landscape Rotation Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23570 | 2023-12-18 | Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to... |
| CVE-2023-23576 | 2023-12-18 | Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are... |
| CVE-2023-23584 | 2023-12-18 | An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher... |
| CVE-2023-24590 | 2023-12-18 | A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a... |
| CVE-2023-41967 | 2023-12-18 | Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the... |
| CVE-2023-46686 | 2023-12-18 | A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols.... |
| CVE-2023-48773 | 2023-12-18 | WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48778 | 2023-12-18 | WordPress Product Size Chart For WooCommerce Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48781 | 2023-12-18 | WordPress MkRapel Regiones y Ciudades de Chile para WC Plugin <= 4.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49148 | 2023-12-18 | WordPress Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates Plugin <= 3.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49153 | 2023-12-18 | WordPress Add to Cart Text Changer and Customize Button, Add Custom Icon Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49155 | 2023-12-18 | WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49163 | 2023-12-18 | WordPress teachPress Plugin <= 9.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49759 | 2023-12-18 | WordPress WooDiscuz – WooCommerce Comments Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49760 | 2023-12-18 | WordPress WPsoonOnlinePage Plugin <= 1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49761 | 2023-12-18 | WordPress Product Enquiry for WooCommerce Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49763 | 2023-12-18 | WordPress CSprite Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49821 | 2023-12-18 | WordPress LiveChat Plugin <= 4.5.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34168 | 2023-12-18 | WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to SQL Injection |
| CVE-2023-33331 | 2023-12-18 | WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to SQL Injection |
| CVE-2023-47558 | 2023-12-18 | WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to SQL Injection |
| CVE-2023-47530 | 2023-12-18 | WordPress Redirect 404 Error Page to Homepage or Custom Page with Logs Plugin <= 1.8.7 is vulnerable to SQL Injection |
| CVE-2023-6927 | 2023-12-18 | Keycloak: open redirect via "form_post.jwt" jarm response mode |
| CVE-2023-47506 | 2023-12-18 | WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to SQL Injection |
| CVE-2023-6918 | 2023-12-18 | Libssh: missing checks for return values for digests |
| CVE-2022-45809 | 2023-12-18 | WordPress Thumbs Rating Plugin <= 5.0.0 is vulnerable to Race Condition |
| CVE-2023-49819 | 2023-12-18 | WordPress Structured Content Plugin <= 1.5.3 is vulnerable to PHP Object Injection |
| CVE-2023-48751 | 2023-12-18 | WordPress Participants Database Plugin <= 2.5.5 is vulnerable to Broken Access Control |
| CVE-2023-47754 | 2023-12-18 | WordPress Delete Duplicate Posts Plugin <= 4.8.9 is vulnerable to Broken Access Control |
| CVE-2023-46154 | 2023-12-18 | WordPress e2pdf Plugin <= 1.20.18 is vulnerable to PHP Object Injection |
| CVE-2023-46212 | 2023-12-18 | WordPress WP EXtra Plugin <= 6.2 is vulnerable to Broken Access Control |
| CVE-2023-45887 | 2023-12-19 | DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message. |
| CVE-2023-47267 | 2023-12-19 | An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted... |
| CVE-2023-49004 | 2023-12-19 | An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. |
| CVE-2023-49006 | 2023-12-19 | Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. |
| CVE-2023-49147 | 2023-12-19 | An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe.... |
| CVE-2023-49706 | 2023-12-19 | Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of... |
| CVE-2023-50466 | 2023-12-19 | An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into... |
| CVE-2023-49489 | 2023-12-19 | Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php. |
| CVE-2023-44982 | 2023-12-19 | WordPress WP Retina 2x Plugin <= 6.4.5 is vulnerable to Sensitive Data Exposure |
| CVE-2023-6314 | 2023-12-19 | Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. |
| CVE-2023-6315 | 2023-12-19 | Out-of-bounds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. |
| CVE-2023-6940 | 2023-12-19 | Command Injection |
| CVE-2023-6488 | 2023-12-19 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and... |
| CVE-2014-125107 | 2023-12-19 | Corveda PHPSandbox String protection mechanism |
| CVE-2019-25157 | 2023-12-19 | Ethex Contracts Monthly Jackpot EthexJackpot.sol access control |
| CVE-2023-42015 | 2023-12-19 | IBM UrbanCode Deploy HTML injection |
| CVE-2023-5413 | 2023-12-19 | The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization... |
| CVE-2023-5432 | 2023-12-19 | The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output... |
| CVE-2023-50376 | 2023-12-19 | WordPress Simple Membership Plugin <= 4.3.8 is vulnerable to Unauth. Reflected Cross Site Scripting (XSS) |
| CVE-2023-46104 | 2023-12-19 | Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb |
| CVE-2023-49736 | 2023-12-19 | Apache Superset: SQL Injection on where_in JINJA macro |
| CVE-2023-49734 | 2023-12-19 | Apache Superset: Privilege Escalation Vulnerability |
| CVE-2023-6945 | 2023-12-19 | SourceCodester Online Student Management System edit-student-detail.php cross site scripting |
| CVE-2023-6730 | 2023-12-19 | Deserialization of Untrusted Data in huggingface/transformers |
| CVE-2019-25158 | 2023-12-19 | pedroetb tts-api app.js onSpeechDone os command injection |
| CVE-2023-50762 | 2023-12-19 | When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as... |
| CVE-2023-50761 | 2023-12-19 | The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the... |
| CVE-2023-6856 | 2023-12-19 | The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code... |
| CVE-2023-6857 | 2023-12-19 | When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android,... |
| CVE-2023-6858 | 2023-12-19 | Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. |
| CVE-2023-6859 | 2023-12-19 | A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. |
| CVE-2023-6860 | 2023-12-19 | The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird <... |
| CVE-2023-6861 | 2023-12-19 | The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. |
| CVE-2023-6862 | 2023-12-19 | A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6. |
| CVE-2023-6863 | 2023-12-19 | The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird <... |
| CVE-2023-6864 | 2023-12-19 | Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2023-6135 | 2023-12-19 | Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox <... |
| CVE-2023-6865 | 2023-12-19 | `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode.... |
| CVE-2023-6866 | 2023-12-19 | TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121. |
| CVE-2023-6867 | 2023-12-19 | The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact... |
| CVE-2023-6868 | 2023-12-19 | In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent... |
| CVE-2023-6869 | 2023-12-19 | A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability... |
| CVE-2023-6870 | 2023-12-19 | Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This... |
| CVE-2023-6871 | 2023-12-19 | Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121. |
| CVE-2023-6872 | 2023-12-19 | Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox <... |
| CVE-2023-6873 | 2023-12-19 | Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited... |
| CVE-2023-6931 | 2023-12-19 | Out-of-bounds write in Linux kernel's Performance Events system component |
| CVE-2023-6932 | 2023-12-19 | Use-after-free in Linux kernel's ipv4: igmp component |
| CVE-2023-1514 | 2023-12-19 | A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to... |
| CVE-2023-6913 | 2023-12-19 | Session Hijacking on Imou Life app |
| CVE-2023-6711 | 2023-12-19 | Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated... |
| CVE-2023-6280 | 2023-12-19 | XML External Entity Reference on 52North WPS |
| CVE-2023-43870 | 2023-12-19 | When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to... |
| CVE-2023-44983 | 2023-12-19 | WordPress Aruba HiSpeed Cache Plugin <= 2.0.6 is vulnerable to Sensitive Data Exposure |
| CVE-2023-44991 | 2023-12-19 | WordPress Media File Renamer Plugin <= 5.6.9 is vulnerable to Sensitive Data Exposure |
| CVE-2023-25715 | 2023-12-19 | WordPress GamiPress Plugin <= 2.5.6 is vulnerable to Broken Access Control |