CVE List - 2023 / October

Showing 1801 - 1900 of 2690 CVEs for October 2023 (Page 19 of 27)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-37635 | 2023-10-23 | UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. |
| CVE-2023-37636 | 2023-10-23 | A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when... |
| CVE-2023-42295 | 2023-10-23 | An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c |
| CVE-2023-43358 | 2023-10-23 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component. |
| CVE-2023-44760 | 2023-10-23 | Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the... |
| CVE-2023-45966 | 2023-10-23 | umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability. |
| CVE-2023-45998 | 2023-10-23 | kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in stored XSS. |
| CVE-2023-46058 | 2023-10-23 | Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component. |
| CVE-2023-46059 | 2023-10-23 | Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters... |
| CVE-2023-46324 | 2023-10-23 | pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that... |
| CVE-2023-46331 | 2023-10-23 | WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in DataSegment::IsValidRange(), which leads to a segmentation fault. |
| CVE-2023-46332 | 2023-10-23 | WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which leads to a segmentation fault. |
| CVE-2023-46602 | 2023-10-23 | In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a. |
| CVE-2023-46603 | 2023-10-23 | In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a. |
| CVE-2023-5701 | 2023-10-23 | vnotex vnote Markdown File cross site scripting |
| CVE-2023-5702 | 2023-10-23 | Viessmann Vitogate 300 direct request |
| CVE-2023-43624 | 2023-10-23 | CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by... |
| CVE-2023-45802 | 2023-10-23 | Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST |
| CVE-2023-43622 | 2023-10-23 | Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 |
| CVE-2023-31122 | 2023-10-23 | Apache HTTP Server: mod_macro buffer over-read |
| CVE-2023-5246 | 2023-10-23 | Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with part numbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to... |
| CVE-2021-26734 | 2023-10-23 | Junction Delete leading to elevation of privilege |
| CVE-2021-26735 | 2023-10-23 | Untrusted Search Path While Executing REG DELETE by Uninstaller |
| CVE-2021-26736 | 2023-10-23 | ZApp Installer Privilege Escalation Vulnerabilities |
| CVE-2021-26737 | 2023-10-23 | Privilege Escalation Using PID Reuse in ZCC macOS |
| CVE-2021-26738 | 2023-10-23 | Privilege Escalation for ZCC macOS via PATH Variable |
| CVE-2023-28793 | 2023-10-23 | Heap Based Buffer Overflow in Library |
| CVE-2023-28795 | 2023-10-23 | Client IPC validation bypass |
| CVE-2023-28796 | 2023-10-23 | IPC Bypass Through PLT Section in ELF |
| CVE-2023-28797 | 2023-10-23 | LPE using arbitrary file delete with Symlinks |
| CVE-2023-28803 | 2023-10-23 | Traffic being bypassed by ZCC by configuring synthetic IP range as local network |
| CVE-2023-28804 | 2023-10-23 | Linux ZCC allows unsigned updates, allowing elevated Code Execution |
| CVE-2023-28805 | 2023-10-23 | ZCC on Linux privilege escalation |
| CVE-2023-5718 | 2023-10-23 | The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame... |
| CVE-2023-46127 | 2023-10-23 | Frappe vulnerable to HTML injection by any Desk user |
| CVE-2023-43074 | 2023-10-23 | Dell Unity 5.3 contains an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. |
| CVE-2023-43065 | 2023-10-23 | Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges. |
| CVE-2023-43066 | 2023-10-23 | Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing... |
| CVE-2023-43067 | 2023-10-23 | Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system. |
| CVE-2023-46122 | 2023-10-23 | Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt |
| CVE-2023-37532 | 2023-10-23 | A path traversal vulnerability affects HCL Commerce |
| CVE-2023-43045 | 2023-10-23 | IBM Sterling Partner Engagement Manager security bypass |
| CVE-2023-38722 | 2023-10-23 | IBM Sterling Partner Engagement Manager cross-site scripting |
| CVE-2023-46288 | 2023-10-23 | Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set |
| CVE-2023-33840 | 2023-10-23 | IBM Security Verify Governance cross-site scripting |
| CVE-2022-22466 | 2023-10-23 | IBM Security Verify Governance information disclosure |
| CVE-2023-33839 | 2023-10-23 | IBM Security Verify Governance command execution |
| CVE-2023-33837 | 2023-10-23 | IBM Security Verify Governance information disclosure |
| CVE-2023-5633 | 2023-10-23 | Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling |
| CVE-2022-38484 | 2023-10-24 | An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker... |
| CVE-2022-38485 | 2023-10-24 | A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from... |
| CVE-2023-29973 | 2023-10-24 | pfSense CE version 2.6.0 has no rate limit, which can lead to an attacker creating multiple malicious users in the firewall. |
| CVE-2023-31580 | 2023-10-24 | light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token. |
| CVE-2023-31581 | 2023-10-24 | Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. |
| CVE-2023-31582 | 2023-10-24 | jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. |
| CVE-2023-36085 | 2023-10-24 | sisqualWFM 7.1.319.103 through 7.1.319.111 for Android has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and... |
| CVE-2023-39619 | 2023-10-24 | ReDoS in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component. |
| CVE-2023-39732 | 2023-10-24 | The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. |
| CVE-2023-39733 | 2023-10-24 | The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. |
| CVE-2023-39734 | 2023-10-24 | The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. |
| CVE-2023-39735 | 2023-10-24 | The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. |
| CVE-2023-39736 | 2023-10-24 | The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. |
| CVE-2023-39737 | 2023-10-24 | The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. |
| CVE-2023-39739 | 2023-10-24 | The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. |
| CVE-2023-39740 | 2023-10-24 | The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. |
| CVE-2023-43281 | 2023-10-24 | Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. |
| CVE-2023-43360 | 2023-10-24 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component. |
| CVE-2023-44767 | 2023-10-24 | A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content. |
| CVE-2023-44769 | 2023-10-24 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. |
| CVE-2023-45554 | 2023-10-24 | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. |
| CVE-2023-45555 | 2023-10-24 | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. |
| CVE-2023-45990 | 2023-10-24 | Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges. |
| CVE-2023-46010 | 2023-10-24 | An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. |
| CVE-2023-46316 | 2023-10-24 | In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. |
| CVE-2023-46369 | 2023-10-24 | Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. |
| CVE-2023-46370 | 2023-10-24 | Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. |
| CVE-2023-46371 | 2023-10-24 | TP-Link devices TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 have a stack overflow vulnerability via the function upgradeInfoJsonToBin. |
| CVE-2023-46373 | 2023-10-24 | TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses. |
| CVE-2023-46574 | 2023-10-24 | An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. |
| CVE-2023-5746 | 2023-10-24 | A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology... |
| CVE-2023-46150 | 2023-10-24 | WordPress WP Radio plugin <= 3.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46151 | 2023-10-24 | WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46152 | 2023-10-24 | WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46189 | 2023-10-24 | WordPress Google Calendar Events Plugin <= 3.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46190 | 2023-10-24 | WordPress Novo-Map : your WP posts on custom google maps Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5748 | 2023-10-24 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified... |
| CVE-2023-46191 | 2023-10-24 | WordPress Open Graph Metabox Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46193 | 2023-10-24 | WordPress Internal Link Building Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46198 | 2023-10-24 | WordPress Appointment Calendar Plugin <= 2.9.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46202 | 2023-10-24 | WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46204 | 2023-10-24 | WordPress Duplicate Theme Plugin <= 0.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45634 | 2023-10-24 | WordPress Copy Or Move Comments Plugin <= 5.0.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45637 | 2023-10-24 | WordPress EventPrime Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45640 | 2023-10-24 | WordPress WP ULike Plugin <= 4.6.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45644 | 2023-10-24 | WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45646 | 2023-10-24 | WordPress PDF Block Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45747 | 2023-10-24 | WordPress WP Lightbox 2 Plugin <= 3.0.6.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45750 | 2023-10-24 | WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45754 | 2023-10-24 | WordPress Easy Testimonial Slider and Form Plugin <= 1.0.18 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45755 | 2023-10-24 | WordPress BuddyPress Global Search Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) |