CVE List - 2023 / October
Showing 1 - 100 of 2690 CVEs for October 2023 (Page 1 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5323 | 2023-10-01 | Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr |
| CVE-2023-5322 | 2023-10-01 | D-Link DAR-7000 edit_manageadmin.php sql injection |
| CVE-2023-4211 | 2023-10-01 | Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations |
| CVE-2023-5324 | 2023-10-01 | eeroOS Ethernet Interface denial of service |
| CVE-2023-5326 | 2023-10-01 | SATO CL4NX-J Plus WebConfig improper authentication |
| CVE-2023-5327 | 2023-10-01 | SATO CL4NX-J Plus path traversal |
| CVE-2023-5328 | 2023-10-01 | SATO CL4NX-J Plus Cookie improper authentication |
| CVE-2023-37605 | 2023-10-02 | Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter. |
| CVE-2023-41580 | 2023-10-02 | Phpipam before v1.5.2 was discovered to contain an LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and... |
| CVE-2023-43267 | 2023-10-02 | A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2023-43268 | 2023-10-02 | Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability. |
| CVE-2023-43297 | 2023-10-02 | An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. |
| CVE-2023-43835 | 2023-10-02 | Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content. |
| CVE-2023-43836 | 2023-10-02 | There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information |
| CVE-2023-43890 | 2023-10-02 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request. |
| CVE-2023-43891 | 2023-10-02 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. |
| CVE-2023-43893 | 2023-10-02 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. |
| CVE-2023-43980 | 2023-10-02 | Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. |
| CVE-2023-44008 | 2023-10-02 | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. |
| CVE-2023-44009 | 2023-10-02 | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function. |
| CVE-2023-44011 | 2023-10-02 | An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. |
| CVE-2023-44012 | 2023-10-02 | Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component. |
| CVE-2023-44463 | 2023-10-02 | An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do... |
| CVE-2023-43361 | 2023-10-02 | Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. |
| CVE-2023-43892 | 2023-10-02 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload. |
| CVE-2023-5329 | 2023-10-02 | Field Logic DataCube4 Web API improper authentication |
| CVE-2023-20819 | 2023-10-02 | In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution... |
| CVE-2023-32819 | 2023-10-02 | In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not... |
| CVE-2023-32820 | 2023-10-02 | In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction... |
| CVE-2023-32821 | 2023-10-02 | In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-32822 | 2023-10-02 | In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-32823 | 2023-10-02 | In rpmb, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-32824 | 2023-10-02 | In rpmb, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2023-32826 | 2023-10-02 | In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2023-32827 | 2023-10-02 | In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2023-32828 | 2023-10-02 | In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-32829 | 2023-10-02 | In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-32830 | 2023-10-02 | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-42132 | 2023-10-02 | FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be... |
| CVE-2023-41692 | 2023-10-02 | WordPress Attorney Theme <= 3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41728 | 2023-10-02 | WordPress Rescue Shortcodes Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41729 | 2023-10-02 | WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41731 | 2023-10-02 | WordPress wordpress publish post email notification Plugin <= 1.0.2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41733 | 2023-10-02 | WordPress Back To The Top Button Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41734 | 2023-10-02 | WordPress Insert Estimated Reading Time Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41736 | 2023-10-02 | WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41737 | 2023-10-02 | WordPress Swifty Bar, sticky bar by WPGens Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44479 | 2023-10-02 | WordPress WP Jump Menu Plugin <= 3.6.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41797 | 2023-10-02 | WordPress Locations Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41800 | 2023-10-02 | WordPress UniConsent Cookie Consent CMP for GDPR / CCPA Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41847 | 2023-10-02 | WordPress Notice Bar Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41855 | 2023-10-02 | WordPress Regpack Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41856 | 2023-10-02 | WordPress Click To Tweet Plugin <= 2.0.14 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41859 | 2023-10-02 | WordPress Order Delivery Date for WP e-Commerce Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44474 | 2023-10-02 | WordPress Tiger Forms Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44477 | 2023-10-02 | WordPress Cooked Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44244 | 2023-10-02 | WordPress FooGallery Plugin <= 2.2.44 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44239 | 2023-10-02 | WordPress WWM Social Share On Image Hover Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44263 | 2023-10-02 | WordPress Social Metrics Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44144 | 2023-10-02 | WordPress Dreamfox Media Payment gateway per Product for Woocommerce Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44145 | 2023-10-02 | WordPress Anchor Episodes Index (Spotify for Podcasters) Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44262 | 2023-10-02 | WordPress Blocks Plugin <= 1.6.41 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44245 | 2023-10-02 | WordPress Contractor Contact Form Website to Workflow Tool Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44242 | 2023-10-02 | WordPress Images Slideshow by 2J Plugin <= 1.3.54 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44264 | 2023-10-02 | WordPress The Awesome Feed – Custom Feed Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44265 | 2023-10-02 | WordPress Popup contact form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44230 | 2023-10-02 | WordPress Popup contact form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44266 | 2023-10-02 | WordPress WP Adminify Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44228 | 2023-10-02 | WordPress Onclick Show Popup Plugin <= 8.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5160 | 2023-10-02 | Full name disclosure via team top membership with Show Full Name option disabled |
| CVE-2023-3768 | 2023-10-02 | Vulnerability in Ingeteam's INGEPAC EF/DA |
| CVE-2023-5106 | 2023-10-02 | Incorrect Authorization in GitLab |
| CVE-2023-3769 | 2023-10-02 | Vulnerability in Ingeteam's INGEPAC EF |
| CVE-2023-3770 | 2023-10-02 | Vulnerability in Ingeteam's INGEPAC DA |
| CVE-2023-3744 | 2023-10-02 | Server-Side Request Forgery in SLiMS |
| CVE-2015-10124 | 2023-10-02 | Most Popular Posts Widget Plugin functions.php show_views sql injection |
| CVE-2023-4659 | 2023-10-02 | Cross-Site Request Forgery in Free5Gc |
| CVE-2023-0809 | 2023-10-02 | In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. |
| CVE-2023-3592 | 2023-10-02 | In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. |
| CVE-2023-5344 | 2023-10-02 | Heap-based Buffer Overflow in vim/vim |
| CVE-2023-28372 | 2023-10-02 | FlashBlade Object Store Privileged Access |
| CVE-2023-31042 | 2023-10-02 | FlashBlade Object Store Protocol |
| CVE-2023-36627 | 2023-10-02 | FlashBlade Snapshot Scheduler |
| CVE-2023-28373 | 2023-10-02 | FlashArray SafeMode Immutable Vulnerability |
| CVE-2023-32572 | 2023-10-02 | FlashArray pgroup Retention Lock SafeMode Protection |
| CVE-2023-36628 | 2023-10-02 | Privilege Escalation in VASA |
| CVE-2023-33268 | 2023-10-03 | An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind). |
| CVE-2023-33269 | 2023-10-03 | An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind). |
| CVE-2023-33270 | 2023-10-03 | An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind). |
| CVE-2023-33271 | 2023-10-03 | An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind). |
| CVE-2023-33272 | 2023-10-03 | An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind). |
| CVE-2023-33273 | 2023-10-03 | An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind). |
| CVE-2023-39645 | 2023-10-03 | Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty... |
| CVE-2023-39646 | 2023-10-03 | Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide” (tvcmscategorychainslider) up to version 4.0.1 from Theme... |
| CVE-2023-39647 | 2023-10-03 | Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty... |
| CVE-2023-39648 | 2023-10-03 | Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop,... |
| CVE-2023-39649 | 2023-10-03 | Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty... |
| CVE-2023-39651 | 2023-10-03 | Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop. In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop,... |
| CVE-2023-40519 | 2023-10-03 | A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, and 00.12.01.9565588_1254b459 allows remote attackers to inject arbitrary web script or... |
| CVE-2023-43176 | 2023-10-03 | A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file. |