CVE List - 2023 / October
Showing 1401 - 1500 of 2690 CVEs for October 2023 (Page 15 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-22094 | 2023-10-17 | Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon... |
| CVE-2023-22095 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). The supported version that is affected is 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access... |
| CVE-2023-22096 | 2023-10-17 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create... |
| CVE-2023-22097 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2023-22098 | 2023-10-17 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon... |
| CVE-2023-22099 | 2023-10-17 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon... |
| CVE-2023-22100 | 2023-10-17 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon... |
| CVE-2023-22101 | 2023-10-17 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with... |
| CVE-2023-22102 | 2023-10-17 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access... |
| CVE-2023-22103 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2023-22104 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access... |
| CVE-2023-22105 | 2023-10-17 | Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2023-22106 | 2023-10-17 | Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: API). Supported versions that are affected are ECC: 8, 9 and 10. Easily exploitable vulnerability allows... |
| CVE-2023-22107 | 2023-10-17 | Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: UI Components). Supported versions that are affected are ECC: 8, 9 and 10. Easily exploitable vulnerability... |
| CVE-2023-22108 | 2023-10-17 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2023-22109 | 2023-10-17 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Dashboards). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows... |
| CVE-2023-22110 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2023-22111 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2023-22112 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2023-22113 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2023-22114 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2023-22115 | 2023-10-17 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2023-22117 | 2023-10-17 | Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows... |
| CVE-2023-22118 | 2023-10-17 | Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows... |
| CVE-2023-22119 | 2023-10-17 | Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Difficult to exploit vulnerability... |
| CVE-2023-22121 | 2023-10-17 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2023-22122 | 2023-10-17 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker... |
| CVE-2023-22123 | 2023-10-17 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2023-22124 | 2023-10-17 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2023-22125 | 2023-10-17 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2023-22126 | 2023-10-17 | Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2023-22127 | 2023-10-17 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). The supported version that is... |
| CVE-2023-22128 | 2023-10-17 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access... |
| CVE-2023-22129 | 2023-10-17 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the... |
| CVE-2023-22130 | 2023-10-17 | Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network... |
| CVE-2023-39276 | 2023-10-17 | SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash. |
| CVE-2023-39277 | 2023-10-17 | SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash. |
| CVE-2023-39278 | 2023-10-17 | SonicOS post-authentication user assertion failure leads to a Stack-Based Buffer Overflow vulnerability via main.cgi, which leads to a firewall crash. |
| CVE-2023-39279 | 2023-10-17 | SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash. |
| CVE-2023-39280 | 2023-10-17 | SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash. |
| CVE-2023-41711 | 2023-10-17 | SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints leads to a firewall crash. |
| CVE-2023-41712 | 2023-10-17 | SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash. |
| CVE-2023-41713 | 2023-10-17 | SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. |
| CVE-2023-45810 | 2023-10-17 | OpenFGA denial of service |
| CVE-2023-42506 | 2023-10-17 | Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary... |
| CVE-2023-42507 | 2023-10-17 | Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user... |
| CVE-2023-41715 | 2023-10-17 | SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. |
| CVE-2023-45811 | 2023-10-17 | Prototype pollution vulnerability leading to arbitrary code execution in synchrony deobfuscator |
| CVE-2023-3042 | 2023-10-17 | CNA SHORTNAME: dotCMSORG UUID: 5b9d93f2-25c7-46b4-ab60-d201718c9dd8 |
| CVE-2023-5626 | 2023-10-17 | Cross-Site Request Forgery (CSRF) in pkp/ojs |
| CVE-2023-5552 | 2023-10-17 | A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if... |
| CVE-2023-42319 | 2023-10-18 | Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE:... |
| CVE-2023-43250 | 2023-10-18 | XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service... |
| CVE-2023-45383 | 2023-10-18 | In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to... |
| CVE-2023-45909 | 2023-10-18 | zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. |
| CVE-2023-45911 | 2023-10-18 | An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password. |
| CVE-2023-45912 | 2023-10-18 | WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory listings. |
| CVE-2023-45958 | 2023-10-18 | Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the... |
| CVE-2023-46004 | 2023-10-18 | Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. |
| CVE-2023-46005 | 2023-10-18 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. |
| CVE-2023-46006 | 2023-10-18 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php. |
| CVE-2023-46007 | 2023-10-18 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php. |
| CVE-2023-46009 | 2023-10-18 | gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c. |
| CVE-2023-38546 | 2023-10-18 | This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API,... |
| CVE-2023-38545 | 2023-10-18 | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow... |
| CVE-2023-35084 | 2023-10-18 | Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands... |
| CVE-2023-35083 | 2023-10-18 | Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive... |
| CVE-2023-39332 | 2023-10-18 | Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584)... |
| CVE-2023-38552 | 2023-10-18 | When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy... |
| CVE-2023-39331 | 2023-10-18 | A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility... |
| CVE-2023-3254 | 2023-10-18 | The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation... |
| CVE-2023-5538 | 2023-10-18 | The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output... |
| CVE-2023-5621 | 2023-10-18 | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input... |
| CVE-2023-4938 | 2023-10-18 | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes... |
| CVE-2023-45008 | 2023-10-18 | WordPress Comment Reply Email Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25476 | 2023-10-18 | WordPress AmpedSense – AdSense Split Tester Plugin <= 4.68 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45049 | 2023-10-18 | WordPress YouTube Playlist Player Plugin <= 4.6.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45051 | 2023-10-18 | WordPress Image vertical reel scroll slideshow Plugin <= 9.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45054 | 2023-10-18 | WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45056 | 2023-10-18 | WordPress Open User Map \| Everybody can add locations Plugin <= 1.3.26 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45057 | 2023-10-18 | WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45059 | 2023-10-18 | WordPress Gumroad Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5632 | 2023-10-18 | Unconditionally adding an event to the epoll causes excessive CPU consumption |
| CVE-2023-45062 | 2023-10-18 | WordPress Download canvasio3D Light Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45064 | 2023-10-18 | WordPress OPcache Dashboard Plugin <= 0.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45727 | 2023-10-18 | Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity... |
| CVE-2023-32087 | 2023-10-18 | Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation |
| CVE-2023-32088 | 2023-10-18 | Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation |
| CVE-2023-32089 | 2023-10-18 | Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description |
| CVE-2023-45065 | 2023-10-18 | WordPress Bulk NoIndex & NoFollow Toolkit Plugin <= 1.42 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45067 | 2023-10-18 | WordPress WP Simple HTML Sitemap Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45070 | 2023-10-18 | WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45071 | 2023-10-18 | WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45072 | 2023-10-18 | WordPress Order auto complete for WooCommerce Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-31217 | 2023-10-18 | WordPress User Location and IP Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45073 | 2023-10-18 | WordPress Mendeley Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45608 | 2023-10-18 | WordPress Smart Cookie Kit Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45607 | 2023-10-18 | WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45604 | 2023-10-18 | WordPress Get Custom Field Values Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45602 | 2023-10-18 | WordPress Ebook Store Plugin <= 5.785 is vulnerable to Cross Site Scripting (XSS) |