CVE List - 2023 / October
Showing 1301 - 1400 of 2690 CVEs for October 2023 (Page 14 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-44693 | 2023-10-17 | D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php. |
| CVE-2023-44694 | 2023-10-17 | D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php. |
| CVE-2023-44824 | 2023-10-17 | An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component. |
| CVE-2023-45357 | 2023-10-17 | Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14... |
| CVE-2023-45358 | 2023-10-17 | Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML... |
| CVE-2023-45375 | 2023-10-17 | In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess().` |
| CVE-2023-45386 | 2023-10-17 | In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer().' |
| CVE-2023-45901 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add. |
| CVE-2023-45902 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete. |
| CVE-2023-45903 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete. |
| CVE-2023-45904 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update. |
| CVE-2023-45905 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add. |
| CVE-2023-45906 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add. |
| CVE-2023-45907 | 2023-10-17 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete. |
| CVE-2023-45951 | 2023-10-17 | lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php. |
| CVE-2023-45952 | 2023-10-17 | An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2022-22377 | 2023-10-17 | IBM Security Verify Privilege information disclosure |
| CVE-2022-22384 | 2023-10-17 | IBM Security Verify Privilege improper input validation |
| CVE-2022-22386 | 2023-10-17 | IBM Security Verify Privilege information disclosure |
| CVE-2022-22385 | 2023-10-17 | IBM Security Verify Privilege information disclosure |
| CVE-2021-38859 | 2023-10-17 | IBM Security Verify Privilege information disclosure |
| CVE-2021-20581 | 2023-10-17 | IBM Security Verify Privilege information disclosure |
| CVE-2022-22375 | 2023-10-17 | IBM Security Verify Privilege command execution |
| CVE-2022-22380 | 2023-10-17 | IBM Security Verify Privilege improper authentication |
| CVE-2021-29913 | 2023-10-17 | IBM Security Verify Privilege improper input validation |
| CVE-2022-43889 | 2023-10-17 | IBM Security Verify Privilege information disclosure |
| CVE-2022-43893 | 2023-10-17 | IBM Security Verify Privilege denial of service |
| CVE-2022-43892 | 2023-10-17 | IBM Security Verify Privilege information disclosure |
| CVE-2022-43891 | 2023-10-17 | IBM Security Verify Privilege information disclosure |
| CVE-2023-34207 | 2023-10-17 | Unrestricted Upload of File with Dangerous Type in EasyUse MailHunter Ultimate |
| CVE-2023-34208 | 2023-10-17 | Path Traversal in EasyUse MailHunter Ultimate |
| CVE-2023-34209 | 2023-10-17 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate |
| CVE-2023-34210 | 2023-10-17 | SQL Injection in EasyUse MailHunter Ultimate |
| CVE-2023-4089 | 2023-10-17 | WAGO: Multiple products vulnerable to local file inclusion |
| CVE-2023-41752 | 2023-10-17 | Apache Traffic Server: s3_auth plugin problem with hash calculation |
| CVE-2023-39456 | 2023-10-17 | Apache Traffic Server: Malformed http/2 frames can cause an abort |
| CVE-2023-4399 | 2023-10-17 | Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the... |
| CVE-2023-42497 | 2023-10-17 | Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary... |
| CVE-2023-42629 | 2023-10-17 | Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web... |
| CVE-2023-44309 | 2023-10-17 | Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web... |
| CVE-2023-24385 | 2023-10-17 | WordPress Media Library Assistant Plugin <= 3.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44990 | 2023-10-17 | WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45005 | 2023-10-17 | WordPress Seriously Simple Stats Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44310 | 2023-10-17 | Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows... |
| CVE-2023-5339 | 2023-10-17 | Mattermost Desktop logs all keystrokes during initial run after fresh installation |
| CVE-2023-44311 | 2023-10-17 | Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89... |
| CVE-2023-5522 | 2023-10-17 | Mobile app freezes when receiving a post with hundreds of emojis |
| CVE-2023-45010 | 2023-10-17 | WordPress Complete Open Graph Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45003 | 2023-10-17 | WordPress Social Feed Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45004 | 2023-10-17 | WordPress Woo Custom Emails Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45006 | 2023-10-17 | WordPress WooODT Lite Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45007 | 2023-10-17 | WordPress Fotomoto Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-42628 | 2023-10-17 | Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier,... |
| CVE-2023-42627 | 2023-10-17 | Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow... |
| CVE-2022-3761 | 2023-10-17 | OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials |
| CVE-2023-43776 | 2023-10-17 | Weak encoding vulnerability in easyE4 |
| CVE-2023-43777 | 2023-10-17 | Insecure storage of password in easySoft |
| CVE-2023-20598 | 2023-10-17 | An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical... |
| CVE-2023-37537 | 2023-10-17 | HCL AppScan Presence deployed as Windows service might be vulnerable to an Unquoted Service Path vulnerability |
| CVE-2023-4896 | 2023-10-17 | Authenticated Disclosure of Sensitive Information in AirWave Management Platform |
| CVE-2023-45803 | 2023-10-17 | Request body not stripped after redirect in urllib3 |
| CVE-2023-43794 | 2023-10-17 | SQL Injection in nocodb |
| CVE-2023-22015 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high... |
| CVE-2023-22019 | 2023-10-17 | Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2023-22025 | 2023-10-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE:... |
| CVE-2023-22026 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high... |
| CVE-2023-22028 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high... |
| CVE-2023-22029 | 2023-10-17 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2023-22032 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2023-22059 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2023-22064 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2023-22065 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2023-22066 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2023-22067 | 2023-10-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM... |
| CVE-2023-22068 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2023-22069 | 2023-10-17 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2023-22070 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2023-22071 | 2023-10-17 | Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on... |
| CVE-2023-22072 | 2023-10-17 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2023-22073 | 2023-10-17 | Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the... |
| CVE-2023-22074 | 2023-10-17 | Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session,... |
| CVE-2023-22075 | 2023-10-17 | Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session,... |
| CVE-2023-22076 | 2023-10-17 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via... |
| CVE-2023-22077 | 2023-10-17 | Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having DBA... |
| CVE-2023-22078 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2023-22079 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2023-22080 | 2023-10-17 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2023-22081 | 2023-10-17 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:... |
| CVE-2023-22082 | 2023-10-17 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged... |
| CVE-2023-22083 | 2023-10-17 | Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Web UI). Supported versions that are affected are 9.0-9.2. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2023-22084 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high... |
| CVE-2023-22085 | 2023-10-17 | Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2023-22086 | 2023-10-17 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2023-22087 | 2023-10-17 | Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2023-22088 | 2023-10-17 | Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: User Management). Supported versions that are affected are 7.4.0 and 7.4.1. Easily exploitable vulnerability allows... |
| CVE-2023-22089 | 2023-10-17 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2023-22090 | 2023-10-17 | Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Events & Notifications). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low... |
| CVE-2023-22091 | 2023-10-17 | Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8, 21;... |
| CVE-2023-22092 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2023-22093 | 2023-10-17 | Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access... |