CVE List - 2023 / December
Showing 1801 - 1900 of 2673 CVEs for December 2023 (Page 19 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-50272 | 2023-12-19 | A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass. |
| CVE-2021-22962 | 2023-12-19 | An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. |
| CVE-2023-46223 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-46259 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-46225 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-46263 | 2023-12-19 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. |
| CVE-2023-46804 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS). |
| CVE-2023-46257 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-46265 | 2023-12-19 | An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). |
| CVE-2023-46217 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-41727 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-46222 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-46216 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-46221 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-46224 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-46262 | 2023-12-19 | An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. |
| CVE-2023-46264 | 2023-12-19 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. |
| CVE-2023-46803 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS). |
| CVE-2023-46258 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-46260 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-46266 | 2023-12-19 | An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. |
| CVE-2023-46261 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-46220 | 2023-12-19 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. |
| CVE-2023-37390 | 2023-12-19 | WordPress Themesflat Addons For Elementor Plugin <= 2.0.0 is vulnerable to PHP Object Injection |
| CVE-2023-34382 | 2023-12-19 | WordPress Dokan Plugin <= 3.7.19 is vulnerable to PHP Object Injection |
| CVE-2023-34027 | 2023-12-19 | WordPress Recently Viewed Products Plugin <= 1.0.0 is vulnerable to PHP Object Injection |
| CVE-2023-45105 | 2023-12-19 | WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.9 is vulnerable to Open Redirection |
| CVE-2023-43826 | 2023-12-19 | Apache Guacamole: Integer overflow in handling of VNC image buffers |
| CVE-2023-41648 | 2023-12-19 | WordPress Login and Logout Redirect Plugin <= 2.0.3 is vulnerable to Open Redirection |
| CVE-2023-40602 | 2023-12-19 | WordPress Doofinder for WooCommerce Plugin <= 1.5.49 is vulnerable to Open Redirection |
| CVE-2023-38481 | 2023-12-19 | WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3.7 is vulnerable to Open Redirection |
| CVE-2023-38478 | 2023-12-19 | WordPress Integration for WooCommerce and QuickBooks Plugin <= 1.2.3 is vulnerable to Open Redirection |
| CVE-2023-37982 | 2023-12-19 | WordPress Integration for Contact Form 7 and Salesforce Plugin <= 1.3.3 is vulnerable to Open Redirection |
| CVE-2023-35883 | 2023-12-19 | WordPress Core Web Vitals & PageSpeed Booster Plugin <= 1.0.12 is vulnerable to Open Redirection |
| CVE-2023-49764 | 2023-12-19 | WordPress Advanced Database Cleaner Plugin <= 3.1.2 is vulnerable to SQL Injection |
| CVE-2023-49750 | 2023-12-19 | WordPress Couponis Demo Plugin < 2.2 is vulnerable to SQL Injection |
| CVE-2023-48764 | 2023-12-19 | WordPress WordPress Brute Force Protection – Stop Brute Force Attacks Plugin <= 2.2.5 is vulnerable to SQL Injection |
| CVE-2023-48741 | 2023-12-19 | WordPress ChatBot Plugin <= 4.7.8 is vulnerable to SQL Injection |
| CVE-2023-48738 | 2023-12-19 | WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to SQL Injection |
| CVE-2023-48327 | 2023-12-19 | WordPress WC Vendors Marketplace Plugin <= 2.4.7 is vulnerable to SQL Injection |
| CVE-2023-49812 | 2023-12-19 | WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR) |
| CVE-2023-42940 | 2023-12-19 | A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content. |
| CVE-2022-43450 | 2023-12-19 | WordPress Stream Plugin <= 3.9.2 is vulnerable to Insecure Direct Object References (IDOR) |
| CVE-2023-46624 | 2023-12-19 | WordPress Parcel Pro Plugin <= 1.6.11 is vulnerable to Open Redirection |
| CVE-2023-49164 | 2023-12-19 | WordPress Ocean Extra Plugin <= 2.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-50835 | 2023-12-19 | WordPress Advanced Category Template Plugin <= 0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-38126 | 2023-12-19 | Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability |
| CVE-2023-47146 | 2023-12-19 | IBM QRadar SIEM information disclosure |
| CVE-2023-45172 | 2023-12-19 | IBM AIX denial of service |
| CVE-2023-6928 | 2023-12-19 | Improper Restriction of Excessive Authentication Attempts |
| CVE-2023-6929 | 2023-12-19 | Authorization Bypass Through User-Controlled Key in EuroTel ETL3100 |
| CVE-2023-6930 | 2023-12-19 | Improper Access Control in EuroTel ETL3100 |
| CVE-2023-50707 | 2023-12-19 | Uncontrolled Resource Consumption in EFACEC BCU 500 |
| CVE-2023-6689 | 2023-12-19 | Cross-Site Request Forgery in EFACEC BCU 500 |
| CVE-2023-50703 | 2023-12-19 | Cleartext Transmission of Sensitive Information in EFACEC UC 500E |
| CVE-2023-50704 | 2023-12-19 | URL Redirection to Untrusted Site ('Open Redirect') in EFACEC UC 500E |
| CVE-2023-50705 | 2023-12-19 | Exposure of Sensitive Information to an Unauthorized Actor in EFACEC UC 500E |
| CVE-2023-42013 | 2023-12-19 | IBM UrbanCode Deploy information disclosure |
| CVE-2023-50706 | 2023-12-19 | Improper Access Control in EFACEC UC 500E |
| CVE-2023-42012 | 2023-12-19 | IBM UrbanCode Deploy denial of service |
| CVE-2023-47161 | 2023-12-19 | IBM UrbanCode Deploy denial of service |
| CVE-2023-41166 | 2023-12-20 | An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if... |
| CVE-2023-47093 | 2023-12-20 | An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ... |
| CVE-2023-47990 | 2023-12-20 | SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. |
| CVE-2023-50044 | 2023-12-20 | Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. |
| CVE-2023-50628 | 2023-12-20 | Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component. |
| CVE-2023-50639 | 2023-12-20 | Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page. |
| CVE-2023-50983 | 2023-12-20 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. |
| CVE-2023-50984 | 2023-12-20 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. |
| CVE-2023-50985 | 2023-12-20 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. |
| CVE-2023-50986 | 2023-12-20 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. |
| CVE-2023-50987 | 2023-12-20 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. |
| CVE-2023-50988 | 2023-12-20 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. |
| CVE-2023-50989 | 2023-12-20 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. |
| CVE-2023-50990 | 2023-12-20 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. |
| CVE-2023-50992 | 2023-12-20 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. |
| CVE-2023-50993 | 2023-12-20 | Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 was discovered to contain a command injection vulnerability via the function downFiles. |
| CVE-2023-27172 | 2023-12-20 | Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce... |
| CVE-2023-49032 | 2023-12-20 | An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to... |
| CVE-2023-47704 | 2023-12-20 | IBM Security Guardium Key Lifecycle Manager information disclosure |
| CVE-2023-47705 | 2023-12-20 | IBM Security Guardium Key Lifecycle Manager improper input validation |
| CVE-2023-47706 | 2023-12-20 | IBM Security Guardium Key Lifecycle Manager file upload |
| CVE-2023-47702 | 2023-12-20 | IBM Security Guardium Key Lifecycle Manager directory traversal |
| CVE-2023-47703 | 2023-12-20 | IBM Security Guardium Key Lifecycle Manager information disclosure |
| CVE-2023-47707 | 2023-12-20 | IBM Security Guardium Key Lifecycle Manager cross-site scripting |
| CVE-2023-6974 | 2023-12-20 | Server-Side Request Forgery (SSRF) |
| CVE-2023-6975 | 2023-12-20 | Path Traversal: '\..\filename' |
| CVE-2023-6976 | 2023-12-20 | Unrestricted Upload of File with Dangerous Type |
| CVE-2023-6977 | 2023-12-20 | Path Traversal: '\..\filename' |
| CVE-2023-0011 | 2023-12-20 | Command Execution through Serial Interface of u-blox TOBY-L2 |
| CVE-2023-37544 | 2023-12-20 | Apache Pulsar WebSocket Proxy: Improper Authentication for WebSocket Proxy Endpoint Allows DoS |
| CVE-2023-6912 | 2023-12-20 | Brute force vulnerability in M-Files user authentication |
| CVE-2023-6910 | 2023-12-20 | Uncontrolled Resource Consumption in M-Files Server |
| CVE-2023-6768 | 2023-12-20 | Authentication bypass vulnerability in Amazing Little Poll |
| CVE-2023-6769 | 2023-12-20 | Stored XSS vulnerability in Amazing Little Poll |
| CVE-2023-6562 | 2023-12-20 | JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload... |
| CVE-2023-47507 | 2023-12-20 | WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to PHP Object Injection |
| CVE-2023-47236 | 2023-12-20 | WordPress iPages Flipbook Plugin <= 1.4.8 is vulnerable to SQL Injection |
| CVE-2023-46311 | 2023-12-20 | WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR) |
| CVE-2023-46147 | 2023-12-20 | WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to PHP Object Injection |