CVE List - 2023 / October
Showing 1101 - 1200 of 2690 CVEs for October 2023 (Page 12 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5580 | 2023-10-14 | SourceCodester Library System index.php sql injection |
| CVE-2023-5581 | 2023-10-14 | SourceCodester Medicine Tracker System index.php cross site scripting |
| CVE-2023-5582 | 2023-10-14 | ZZZCMS Personal Profile Page cross site scripting |
| CVE-2022-33161 | 2023-10-14 | IBM Security Directory Server information disclosure |
| CVE-2022-33165 | 2023-10-14 | IBM Security Directory Server information disclosure |
| CVE-2022-32755 | 2023-10-14 | IBM Security Directory Server external entity injection |
| CVE-2023-35024 | 2023-10-14 | IBM Cloud Pak for Business Automation cross-site scripting |
| CVE-2022-43740 | 2023-10-14 | IBM Security Verify Access denial of service |
| CVE-2022-43868 | 2023-10-14 | IBM Security Verify Access information disclosure |
| CVE-2023-45176 | 2023-10-14 | IBM App Connect Enterprise and IBM Integration Bus denial of service |
| CVE-2023-40367 | 2023-10-14 | IBM QRadar SIEM cross-site scripting |
| CVE-2023-30994 | 2023-10-14 | IBM QRadar SIEM information disclosure |
| CVE-2023-5585 | 2023-10-14 | SourceCodester Online Motorcycle Rental System Bike List cross site scripting |
| CVE-2018-25091 | 2023-10-15 | urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials... |
| CVE-2023-38312 | 2023-10-15 | A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile... |
| CVE-2023-45871 | 2023-10-15 | An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. |
| CVE-2023-5586 | 2023-10-15 | NULL Pointer Dereference in gpac/gpac |
| CVE-2023-40378 | 2023-10-15 | IBM i privilege escalation |
| CVE-2023-5587 | 2023-10-15 | SourceCodester Free Hospital Management System for Small Practices Parameter doctors.php sql injection |
| CVE-2023-5588 | 2023-10-15 | kphrx pleroma pack.ex Pleroma.Emoji.Pack path traversal |
| CVE-2023-5590 | 2023-10-15 | NULL Pointer Dereference in seleniumhq/selenium |
| CVE-2023-5589 | 2023-10-15 | SourceCodester Judging Management System login.php sql injection |
| CVE-2023-35013 | 2023-10-15 | IBM Security Verify Governance information disclosure |
| CVE-2023-35018 | 2023-10-15 | IBM Security Verify Governance file upload |
| CVE-2022-48612 | 2023-10-16 | A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL... |
| CVE-2023-29484 | 2023-10-16 | In Terminalfour before 8.3.16, misconfigured LDAP users are able to log in with an invalid password. |
| CVE-2023-36340 | 2023-10-16 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. |
| CVE-2023-36947 | 2023-10-16 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. |
| CVE-2023-36950 | 2023-10-16 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the http_host parameter in the function loginAuth. |
| CVE-2023-36952 | 2023-10-16 | TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg. |
| CVE-2023-36953 | 2023-10-16 | TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. |
| CVE-2023-36954 | 2023-10-16 | TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. |
| CVE-2023-36955 | 2023-10-16 | TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. |
| CVE-2023-40791 | 2023-10-16 | extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page. |
| CVE-2023-40851 | 2023-10-16 | Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and... |
| CVE-2023-40852 | 2023-10-16 | SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user... |
| CVE-2023-43118 | 2023-10-16 | Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause... |
| CVE-2023-43119 | 2023-10-16 | An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis... |
| CVE-2023-43120 | 2023-10-16 | An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request. |
| CVE-2023-43121 | 2023-10-16 | A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files. |
| CVE-2023-44808 | 2023-10-16 | D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function. |
| CVE-2023-44809 | 2023-10-16 | D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions. |
| CVE-2023-45540 | 2023-10-16 | An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave... |
| CVE-2023-45542 | 2023-10-16 | Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function. |
| CVE-2023-45572 | 2023-10-16 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and... |
| CVE-2023-45573 | 2023-10-16 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and... |
| CVE-2023-45574 | 2023-10-16 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and... |
| CVE-2023-45575 | 2023-10-16 | Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and... |
| CVE-2023-45576 | 2023-10-16 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and... |
| CVE-2023-45577 | 2023-10-16 | Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and... |
| CVE-2023-45578 | 2023-10-16 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and... |
| CVE-2023-45579 | 2023-10-16 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and... |
| CVE-2023-45580 | 2023-10-16 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and... |
| CVE-2023-45984 | 2023-10-16 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. |
| CVE-2023-45985 | 2023-10-16 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-45898 | 2023-10-16 | The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent. |
| CVE-2023-5591 | 2023-10-16 | SQL Injection in librenms/librenms |
| CVE-2023-33836 | 2023-10-16 | IBM Security Verify Governance information disclosure |
| CVE-2023-40377 | 2023-10-16 | IBM i privilege escalation |
| CVE-2023-38280 | 2023-10-16 | IBM Power HMC privilege escalation |
| CVE-2023-21413 | 2023-10-16 | Remote code execution vulnerability during the installation of ACAP applications on the Axis device |
| CVE-2023-21414 | 2023-10-16 | NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which... |
| CVE-2023-21415 | 2023-10-16 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw... |
| CVE-2023-45158 | 2023-10-16 | An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may... |
| CVE-2023-45757 | 2023-10-16 | Apache bRPC: The builtin service rpcz page has an XSS attack vulnerability |
| CVE-2023-43668 | 2023-10-16 | Apache InLong: Jdbc Connection Security Bypass in InLong |
| CVE-2023-43667 | 2023-10-16 | Apache InLong: Log Injection in Global functions |
| CVE-2023-43666 | 2023-10-16 | Apache InLong: General user Unauthorized access User Management |
| CVE-2023-5422 | 2023-10-16 | SSL Certificates are not checked for E-Mail Handling |
| CVE-2023-38059 | 2023-10-16 | External pictures can be loaded even if not allowed by configuration |
| CVE-2023-5421 | 2023-10-16 | Possible XSS execution in customer information |
| CVE-2023-45273 | 2023-10-16 | WordPress Stout Google Calendar Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45274 | 2023-10-16 | WordPress SendPulse Free Web Push Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5595 | 2023-10-16 | Denial of Service in gpac/gpac |
| CVE-2023-45605 | 2023-10-16 | WordPress Feed Statistics Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45606 | 2023-10-16 | WordPress Simple URLs Plugin <= 120 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45629 | 2023-10-16 | WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4827 | 2023-10-16 | File Manager Pro < 1.8 - Remote Code Execution via CSRF |
| CVE-2023-3392 | 2023-10-16 | Read More & Accordion < 3.2.7 - Admin+ PHP Object Injection |
| CVE-2023-4620 | 2023-10-16 | Booking Calendar < 9.7.3.1 - Unauthenticated Stored XSS |
| CVE-2023-45650 | 2023-10-16 | WordPress HTML5 Maps Plugin <= 1.7.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4834 | 2023-10-16 | In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain... |
| CVE-2023-45651 | 2023-10-16 | WordPress WP Attachments Plugin <= 5.0.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45653 | 2023-10-16 | WordPress Video Playlist For YouTube Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4822 | 2023-10-16 | Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change... |
| CVE-2023-45654 | 2023-10-16 | WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45655 | 2023-10-16 | WordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45656 | 2023-10-16 | WordPress Lazy Load for Videos Plugin <= 2.18.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45638 | 2023-10-16 | WordPress Eupago Gateway For Woocommerce Plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3991 | 2023-10-16 | OS command injection vulnerability in FreshTomato 2023.3 |
| CVE-2023-45639 | 2023-10-16 | WordPress Sort SearchResult By Title Plugin <= 10.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45641 | 2023-10-16 | WordPress Caret Country Access Limit Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4457 | 2023-10-16 | Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin... |
| CVE-2023-45642 | 2023-10-16 | WordPress Snap Pixel Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45643 | 2023-10-16 | WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45645 | 2023-10-16 | WordPress WP Open Street Map Plugin <= 1.25 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45647 | 2023-10-16 | WordPress Constant Contact Forms by MailMunch Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45748 | 2023-10-16 | WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45749 | 2023-10-16 | WordPress AGP Font Awesome Collection Plugin <= 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45752 | 2023-10-16 | WordPress Post Gallery Plugin <= 2.3.12 is vulnerable to Cross Site Request Forgery (CSRF) |