CVE List - 2023 / October
Showing 901 - 1000 of 2690 CVEs for October 2023 (Page 10 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-35655 | 2023-10-11 | In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2023-35660 | 2023-10-11 | In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2023-35661 | 2023-10-11 | In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2023-35662 | 2023-10-11 | there is a possible out of bounds write due to buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed... |
| CVE-2023-40141 | 2023-10-11 | In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-40142 | 2023-10-11 | In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with... |
| CVE-2023-41881 | 2023-10-11 | Deleting a collaboration should also delete linked resources |
| CVE-2023-41882 | 2023-10-11 | vantage6 Improper Access Control vulnerability |
| CVE-2023-43661 | 2023-10-11 | Cachet vulnerable to Authenticated Remote Code Execution |
| CVE-2023-44186 | 2023-10-11 | Junos OS and Junos OS Evolved: RPD crash when attempting to send a very long AS PATH to a non-4-byte-AS capable BGP neighbor |
| CVE-2023-45132 | 2023-10-11 | IgnoreIP/IgnoreCIDR should not trust X-Forwarded-For |
| CVE-2023-3781 | 2023-10-11 | there is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for... |
| CVE-2023-44187 | 2023-10-11 | Junos OS Evolved: 'file copy' CLI command can disclose password to shell users |
| CVE-2023-44188 | 2023-10-11 | Junos OS: jkdsd crash due to multiple telemetry requests |
| CVE-2023-44189 | 2023-10-11 | Junos OS Evolved: PTX10003 Series: MAC address validation bypass vulnerability |
| CVE-2023-44190 | 2023-10-11 | Junos OS Evolved: PTX10001, PTX10004, PTX10008, PTX10016: MAC address validation bypass vulnerability |
| CVE-2023-39325 | 2023-10-11 | HTTP/2 rapid reset can cause excessive work in net/http |
| CVE-2023-5218 | 2023-10-11 | Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2023-5487 | 2023-10-11 | Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome... |
| CVE-2023-5484 | 2023-10-11 | Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-5475 | 2023-10-11 | Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted... |
| CVE-2023-5483 | 2023-10-11 | Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-5481 | 2023-10-11 | Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-5476 | 2023-10-11 | Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-5474 | 2023-10-11 | Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption... |
| CVE-2023-5479 | 2023-10-11 | Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a... |
| CVE-2023-5485 | 2023-10-11 | Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-5478 | 2023-10-11 | Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-5477 | 2023-10-11 | Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) |
| CVE-2023-5486 | 2023-10-11 | Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-5473 | 2023-10-11 | Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2023-1943 | 2023-10-11 | Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode |
| CVE-2023-40829 | 2023-10-12 | There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000. |
| CVE-2023-40833 | 2023-10-12 | An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting. |
| CVE-2023-41261 | 2023-10-12 | An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and... |
| CVE-2023-41262 | 2023-10-12 | An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to... |
| CVE-2023-41263 | 2023-10-12 | An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types,... |
| CVE-2023-42298 | 2023-10-12 | An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c. |
| CVE-2023-43147 | 2023-10-12 | PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI. |
| CVE-2023-43148 | 2023-10-12 | SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts. |
| CVE-2023-43149 | 2023-10-12 | SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status. |
| CVE-2023-45510 | 2023-10-12 | tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error. |
| CVE-2023-45511 | 2023-10-12 | A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. |
| CVE-2023-23632 | 2023-10-12 | BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions,... |
| CVE-2023-5531 | 2023-10-12 | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation... |
| CVE-2023-29453 | 2023-10-12 | Agent 2 package are built with Go version affected by CVE-2023-24538 |
| CVE-2023-32721 | 2023-10-12 | Stored XSS in Maps element |
| CVE-2023-32722 | 2023-10-12 | Stack-buffer Overflow in library module zbxjson |
| CVE-2023-32723 | 2023-10-12 | Inefficient permission check in class CControllerAuthenticationUpdate |
| CVE-2023-32724 | 2023-10-12 | JavaScript engine memory pointers are directly available for Zabbix users for modification |
| CVE-2023-5470 | 2023-10-12 | The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping... |
| CVE-2023-45047 | 2023-10-12 | WordPress LeadSquared Suite Plugin <= 0.7.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5554 | 2023-10-12 | Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0. |
| CVE-2023-5555 | 2023-10-12 | Cross-site Scripting (XSS) - Generic in frappe/lms |
| CVE-2023-5556 | 2023-10-12 | Cross-site Scripting (XSS) - Reflected in structurizr/onpremises |
| CVE-2023-23651 | 2023-10-12 | WordPress MainWP Google Analytics Extension Plugin <= 4.0.4 - SQL Injection vulnerability |
| CVE-2023-23737 | 2023-10-12 | WordPress MainWP Broken Links Checker Extension Plugin <= 4.0 is vulnerable to SQL Injection |
| CVE-2023-43789 | 2023-10-12 | Libxpm: out of bounds read on xpm with corrupted colormap |
| CVE-2023-5046 | 2023-10-12 | SQLi in Biltay's Procost |
| CVE-2023-5045 | 2023-10-12 | SQLi in Biltay's Kayısı |
| CVE-2023-44998 | 2023-10-12 | WordPress Category Meta Plugin <= 1.2.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45011 | 2023-10-12 | WordPress WP Power Stats Plugin <= 2.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45048 | 2023-10-12 | WordPress Social proof testimonials and reviews by Repuso Plugin <= 5.00 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45052 | 2023-10-12 | WordPress WP Bing Map Pro Plugin < 5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45058 | 2023-10-12 | WordPress Short URL Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45060 | 2023-10-12 | WordPress Interactive World Map Plugin <= 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45063 | 2023-10-12 | WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45068 | 2023-10-12 | WordPress Contact Form by Supsystic Plugin <= 1.7.27 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27315 | 2023-10-12 | Information Disclosure Vulnerability in SnapGathers |
| CVE-2023-32124 | 2023-10-12 | WordPress Publish Confirm Message Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41131 | 2023-10-12 | WordPress Sp*tify Play Button for WordPress Plugin <= 2.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45102 | 2023-10-12 | WordPress Blog Manager Light Plugin <= 1.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45103 | 2023-10-12 | WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45106 | 2023-10-12 | WordPress Urvanov Syntax Highlighter Plugin <= 2.8.33 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31192 | 2023-10-12 | An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform... |
| CVE-2023-32634 | 2023-10-12 | An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability. |
| CVE-2023-27516 | 2023-10-12 | An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a... |
| CVE-2023-32275 | 2023-10-12 | An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can... |
| CVE-2023-25774 | 2023-10-12 | A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send... |
| CVE-2023-23581 | 2023-10-12 | A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. |
| CVE-2023-22308 | 2023-10-12 | An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can... |
| CVE-2023-22325 | 2023-10-12 | A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An... |
| CVE-2023-27395 | 2023-10-12 | A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An... |
| CVE-2023-5072 | 2023-10-12 | DoS Vulnerability in JSON-Java |
| CVE-2023-45133 | 2023-10-12 | Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code |
| CVE-2023-45138 | 2023-10-12 | Change Request Application vulnerable to XSS and remote code execution through change request title |
| CVE-2023-45142 | 2023-10-12 | OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics |
| CVE-2023-45143 | 2023-10-12 | Undici's cookie header not cleared on cross-origin redirect in fetch |
| CVE-2023-27312 | 2023-10-12 | Privilege Escalation Vulnerability in SnapCenter Plugin for VMware vSphere |
| CVE-2023-27313 | 2023-10-12 | Privilege Escalation Vulnerability in SnapCenter |
| CVE-2023-27314 | 2023-10-12 | Denial of Service Vulnerability in ONTAP 9 |
| CVE-2023-5562 | 2023-10-12 | Unsafe default allows for cross-site scripting attacks in KNIME Server and KNIME Business Hub |
| CVE-2023-27316 | 2023-10-12 | Privilege Escalation Vulnerability in SnapCenter |
| CVE-2023-22392 | 2023-10-12 | Junos OS: PTX Series and QFX10000 Series: Received flow-routes which aren't installed as the hardware doesn't support them, lead to an FPC heap memory leak |
| CVE-2023-36839 | 2023-10-12 | Junos OS and Junos OS Evolved: An l2cpd crash will occur when specific LLDP packets are received |
| CVE-2023-36841 | 2023-10-12 | Junos OS: MX Series: Receipt of malformed TCP traffic will cause a Denial of Service |
| CVE-2023-36843 | 2023-10-12 | Junos OS: SRX Series: The PFE will crash on receiving malformed SSL traffic when Sky ATP is enabled |
| CVE-2023-44175 | 2023-10-12 | Junos OS and Junos OS Evolved: Receipt of a specific genuine PIM packet causes RPD crash |
| CVE-2023-44177 | 2023-10-12 | Junos OS and Junos OS Evolved: Stack overflow vulnerability in CLI command processing |
| CVE-2023-44176 | 2023-10-12 | Junos OS : Stack overflow vulnerability in CLI command processing |