CVE List - 2023 / December
Showing 2601 - 2673 of 2673 CVEs for December 2023 (Page 27 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-52139 | 2023-12-29 | Misskey vulnerable to improper authorization when accessing with third-party application |
| CVE-2023-7171 | 2023-12-29 | Novel-Plus Friendly Link FriendLinkController.java cross site scripting |
| CVE-2022-46486 | 2023-12-30 | A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information. |
| CVE-2023-38021 | 2023-12-30 | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to... |
| CVE-2023-38022 | 2023-12-30 | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates... |
| CVE-2023-38023 | 2023-12-30 | An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access... |
| CVE-2023-41542 | 2023-12-30 | SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. |
| CVE-2023-41543 | 2023-12-30 | SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. |
| CVE-2023-41544 | 2023-12-30 | SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. |
| CVE-2023-50110 | 2023-12-30 | TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. |
| CVE-2023-50550 | 2023-12-30 | layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. |
| CVE-2023-50578 | 2023-12-30 | Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. |
| CVE-2023-50589 | 2023-12-30 | Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page. |
| CVE-2023-51133 | 2023-12-30 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. |
| CVE-2023-51135 | 2023-12-30 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. |
| CVE-2023-51136 | 2023-12-30 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. |
| CVE-2023-52252 | 2023-12-30 | Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. |
| CVE-2023-52257 | 2023-12-30 | LogoBee 0.2 allows updates.php?id= XSS. |
| CVE-2023-52262 | 2023-12-30 | outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input. |
| CVE-2023-52263 | 2023-12-30 | Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. |
| CVE-2023-52264 | 2023-12-30 | The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled. |
| CVE-2023-52266 | 2023-12-30 | ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this. |
| CVE-2023-52267 | 2023-12-30 | ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings. |
| CVE-2022-46487 | 2023-12-30 | Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of... |
| CVE-2023-50651 | 2023-12-30 | TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. |
| CVE-2023-52265 | 2023-12-30 | IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. |
| CVE-2023-7172 | 2023-12-30 | PHPGurukul Hospital Management System Admin Dashboard sql injection |
| CVE-2018-25096 | 2023-12-30 | MdAlAmin-aol Own Health Record logout.php cross-site request forgery |
| CVE-2023-7173 | 2023-12-30 | PHPGurukul Hospital Management System registration.php cross site scripting |
| CVE-2023-7175 | 2023-12-30 | Campcodes Online College Library System HTTP POST Request borrow_add.php sql injection |
| CVE-2023-7176 | 2023-12-30 | Campcodes Online College Library System HTTP POST Request return_add.php sql injection |
| CVE-2023-7177 | 2023-12-30 | Campcodes Online College Library System HTTP POST Request book_add.php sql injection |
| CVE-2023-49299 | 2023-12-30 | Apache DolphinScheduler: Arbitrary js execute as root for authenticated users |
| CVE-2023-7178 | 2023-12-30 | Campcodes Online College Library System HTTP POST Request book_row.php sql injection |
| CVE-2023-7179 | 2023-12-30 | Campcodes Online College Library System HTTP POST Request category_row.php sql injection |
| CVE-2023-7180 | 2023-12-30 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-7181 | 2023-12-30 | Muyun DedeBIZ Add Attachment unrestricted upload |
| CVE-2023-6998 | 2023-12-30 | Lockscreen bypass in eWeLink App |
| CVE-2021-46901 | 2023-12-31 | examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network. |
| CVE-2023-52269 | 2023-12-31 | MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators. |
| CVE-2023-52275 | 2023-12-31 | Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension. |
| CVE-2023-52277 | 2023-12-31 | Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service (Heap Memory Corruption and application crash) or possibly have unspecified other impact via a long hostname in an... |
| CVE-2023-52284 | 2023-12-31 | Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled. |
| CVE-2023-52286 | 2023-12-31 | Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387. |
| CVE-2021-46900 | 2023-12-31 | Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is... |
| CVE-2023-7130 | 2023-12-31 | code-projects College Notes Gallery login.php sql injection |
| CVE-2023-6093 | 2023-12-31 | OnCell G3150A-LTE Series: Clickjacking Vulnerability |
| CVE-2023-52182 | 2023-12-31 | WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection |
| CVE-2023-6094 | 2023-12-31 | OnCell G3150A-LTE Series: Web Server Transmits Cleartext Credentials |
| CVE-2023-39157 | 2023-12-31 | WordPress JetElements For Elementor Plugin <= 2.6.10 is vulnerable to Remote Code Execution (RCE) |
| CVE-2023-52181 | 2023-12-31 | WordPress Theme per user Plugin <= 1.0.1 is vulnerable to PHP Object Injection |
| CVE-2023-49777 | 2023-12-31 | WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.3.0 is vulnerable to PHP Object Injection |
| CVE-2023-52180 | 2023-12-31 | WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.1.0 is vulnerable to SQL Injection |
| CVE-2023-7183 | 2023-12-31 | 7-card Fakabao alipay_notify.php sql injection |
| CVE-2023-7184 | 2023-12-31 | 7-card Fakabao notify.php sql injection |
| CVE-2023-7185 | 2023-12-31 | 7-card Fakabao wxpay_notify.php sql injection |
| CVE-2023-7186 | 2023-12-31 | 7-card Fakabao notify.php sql injection |
| CVE-2023-7187 | 2023-12-31 | Totolink N350RT HTTP POST Request stack-based overflow |
| CVE-2023-7188 | 2023-12-31 | Shipping 100 Fahuo100 login.php sql injection |
| CVE-2023-7189 | 2023-12-31 | S-CMS sql injection |
| CVE-2023-7190 | 2023-12-31 | S-CMS sql injection |
| CVE-2023-7191 | 2023-12-31 | S-CMS reg.php sql injection |
| CVE-2023-7193 | 2023-12-31 | MTab Bookmark Installation install.php access control |
| CVE-2023-52185 | 2023-12-31 | WordPress Everest Backup Plugin <= 2.1.9 is vulnerable to Sensitive Data Exposure |
| CVE-2023-52134 | 2023-12-31 | WordPress GEO my WordPress Plugin <= 4.0.2 is vulnerable to SQL Injection |
| CVE-2023-52133 | 2023-12-31 | WordPress Most And Least Read Posts Widget Plugin <= 2.5.16 is vulnerable to SQL Injection |
| CVE-2023-52132 | 2023-12-31 | WordPress WP Adminify Plugin <= 3.1.6 is vulnerable to SQL Injection |
| CVE-2023-51547 | 2023-12-31 | WordPress Fluent Support Plugin <= 1.7.6 is vulnerable to SQL Injection |
| CVE-2023-52131 | 2023-12-31 | WordPress Page Generator Plugin <= 1.7.1 is vulnerable to SQL Injection |
| CVE-2023-51469 | 2023-12-31 | WordPress Checkout Mestres WP Plugin <= 7.1.9.6 is vulnerable to SQL Injection |
| CVE-2023-51423 | 2023-12-31 | WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to SQL Injection |
| CVE-2023-51503 | 2023-12-31 | WordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR) |
| CVE-2023-50096 | 2024-01-01 | STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes... |
| CVE-2023-50094 | 2024-01-01 | reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root... |
| CVE-2024-21732 | 2024-01-01 | FlyCms through abbaa5a allows XSS via the permission management feature. |
| CVE-2023-6064 | 2024-01-01 | PayHere Payment Gateway < 2.2.12 - Unauthenticated Log Data Disclosure |
| CVE-2023-6421 | 2024-01-01 | Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak |
| CVE-2023-6271 | 2024-01-01 | Backup Migration Staging < 1.3.6 - Sensitive Data Exposure |
| CVE-2023-6485 | 2024-01-01 | Html5 Video Player < 2.5.19 - Subscriber+ Stored XSS |
| CVE-2023-6000 | 2024-01-01 | Popup Builder < 4.2.3 - Unauthenticated Stored XSS |
| CVE-2023-6037 | 2024-01-01 | WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS |
| CVE-2023-5877 | 2024-01-01 | affiliate-toolkit < 3.4.3 - Unauthenticated SSRF |
| CVE-2023-6113 | 2024-01-01 | WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download |
| CVE-2024-0181 | 2024-01-01 | RRJ Nueva Ecija Engineer Online Portal Admin Panel admin_user.php cross site scripting |
| CVE-2024-0182 | 2024-01-01 | SourceCodester Engineers Online Portal Admin Login sql injection |
| CVE-2024-0183 | 2024-01-01 | RRJ Nueva Ecija Engineer Online Portal NIA Office students.php cross site scripting |
| CVE-2024-0184 | 2024-01-01 | RRJ Nueva Ecija Engineer Online Portal Add Enginer edit_teacher.php cross site scripting |
| CVE-2023-45893 | 2024-01-02 | An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. |
| CVE-2023-49551 | 2024-01-02 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. |
| CVE-2020-26623 | 2024-01-02 | SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login... |
| CVE-2020-26624 | 2024-01-02 | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. |
| CVE-2020-26625 | 2024-01-02 | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal. |
| CVE-2023-45561 | 2024-01-02 | An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. |
| CVE-2023-45892 | 2024-01-02 | An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. |
| CVE-2023-47458 | 2024-01-02 | An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. |
| CVE-2023-49549 | 2024-01-02 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. |
| CVE-2023-49550 | 2024-01-02 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component. |
| CVE-2023-49552 | 2024-01-02 | An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file. |
| CVE-2023-49553 | 2024-01-02 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. |
| CVE-2023-49554 | 2024-01-02 | Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. |