CVE List - 2023 / October
Showing 801 - 900 of 2690 CVEs for October 2023 (Page 9 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-36789 | 2023-10-10 | Skype for Business Remote Code Execution Vulnerability |
| CVE-2023-36786 | 2023-10-10 | Skype for Business Remote Code Execution Vulnerability |
| CVE-2023-36785 | 2023-10-10 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2023-36780 | 2023-10-10 | Skype for Business Remote Code Execution Vulnerability |
| CVE-2023-36778 | 2023-10-10 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-36776 | 2023-10-10 | Win32k Elevation of Privilege Vulnerability |
| CVE-2023-36743 | 2023-10-10 | Win32k Elevation of Privilege Vulnerability |
| CVE-2023-36566 | 2023-10-10 | Microsoft Common Data Model SDK Denial of Service Vulnerability |
| CVE-2023-36565 | 2023-10-10 | Microsoft Office Graphics Elevation of Privilege Vulnerability |
| CVE-2023-36436 | 2023-10-10 | Windows MSHTML Platform Remote Code Execution Vulnerability |
| CVE-2023-36418 | 2023-10-10 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability |
| CVE-2023-36416 | 2023-10-10 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-36415 | 2023-10-10 | Azure Identity SDK Remote Code Execution Vulnerability |
| CVE-2023-36414 | 2023-10-10 | Azure Identity SDK Remote Code Execution Vulnerability |
| CVE-2023-42794 | 2023-10-10 | Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows |
| CVE-2023-45129 | 2023-10-10 | matrix-synapse vulnerable to denial of service due to malicious server ACL events |
| CVE-2023-4309 | 2023-10-10 | Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for... |
| CVE-2023-5497 | 2023-10-10 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-42795 | 2023-10-10 | Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests |
| CVE-2023-45648 | 2023-10-10 | Apache Tomcat: Trailer header parsing too lenient |
| CVE-2023-26220 | 2023-10-10 | TIBCO Spotfire Stored Cross-site Scripting (XSS) vulnerability |
| CVE-2023-38817 | 2023-10-11 | An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the... |
| CVE-2023-43960 | 2023-10-11 | An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component. |
| CVE-2023-44961 | 2023-10-11 | SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component. |
| CVE-2023-44962 | 2023-10-11 | File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component. |
| CVE-2023-45396 | 2023-10-11 | An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12. |
| CVE-2023-5511 | 2023-10-11 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it |
| CVE-2023-44689 | 2023-10-11 | e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme.... |
| CVE-2023-45194 | 2023-10-11 | Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication,... |
| CVE-2022-42451 | 2023-10-11 | HCL BigFix Patch Management is vulnerable to insecurely stored credentials |
| CVE-2022-44758 | 2023-10-11 | HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper credential handling |
| CVE-2022-44757 | 2023-10-11 | HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to weak cryptography |
| CVE-2023-26318 | 2023-10-11 | Xiaomi router web interface post-authorization stack overflow |
| CVE-2023-26319 | 2023-10-11 | Xiaomi Router administration interface vulnerability leads command injection and stack overflow |
| CVE-2023-37536 | 2023-10-11 | HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3 |
| CVE-2023-26320 | 2023-10-11 | Xiaomi Router external request interface vulnerability leads to stack overflow |
| CVE-2023-4990 | 2023-10-11 | Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files. |
| CVE-2023-44997 | 2023-10-11 | WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-42138 | 2023-10-11 | Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and earlier and KV REPLAY VIEWER Ver. 2.62 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary... |
| CVE-2023-44093 | 2023-10-11 | Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-44096 | 2023-10-11 | Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-44109 | 2023-10-11 | Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-44094 | 2023-10-11 | Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. |
| CVE-2023-38216 | 2023-10-11 | ZDI-CAN-21404: Adobe Bridge Font Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2023-38217 | 2023-10-11 | ZDI-CAN-21403: Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-44095 | 2023-10-11 | Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash. |
| CVE-2023-44097 | 2023-10-11 | Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-44100 | 2023-10-11 | Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-44101 | 2023-10-11 | The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2023-26370 | 2023-10-11 | ZDI-CAN-21257: Adobe Photoshop PSD File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| CVE-2023-44102 | 2023-10-11 | Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable. |
| CVE-2023-44103 | 2023-10-11 | Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-44104 | 2023-10-11 | Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-44106 | 2023-10-11 | API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-44981 | 2023-10-11 | Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication |
| CVE-2023-5520 | 2023-10-11 | Out-of-bounds Read in gpac/gpac |
| CVE-2023-41304 | 2023-10-11 | Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window. |
| CVE-2023-44110 | 2023-10-11 | Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-44111 | 2023-10-11 | Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-5521 | 2023-10-11 | Incorrect Authorization in tiann/kernelsu |
| CVE-2023-44114 | 2023-10-11 | Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-44116 | 2023-10-11 | Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized. |
| CVE-2023-44118 | 2023-10-11 | Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality. |
| CVE-2023-44119 | 2023-10-11 | Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-44105 | 2023-10-11 | Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-44107 | 2023-10-11 | Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity. |
| CVE-2023-44108 | 2023-10-11 | Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. |
| CVE-2023-37538 | 2023-10-11 | HCL Digital Experience is susceptible to cross site scripting (XSS) |
| CVE-2023-4957 | 2023-10-11 | Authentication Bypass on Zebra ZTC |
| CVE-2023-35967 | 2023-10-11 | Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send... |
| CVE-2023-35968 | 2023-10-11 | Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send... |
| CVE-2023-35965 | 2023-10-11 | Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can... |
| CVE-2023-35966 | 2023-10-11 | Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can... |
| CVE-2023-32632 | 2023-10-11 | A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network... |
| CVE-2023-34426 | 2023-10-11 | A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send... |
| CVE-2023-31272 | 2023-10-11 | A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send... |
| CVE-2023-34346 | 2023-10-11 | A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send... |
| CVE-2023-34365 | 2023-10-11 | A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send... |
| CVE-2023-24479 | 2023-10-11 | An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a... |
| CVE-2023-35055 | 2023-10-11 | A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network... |
| CVE-2023-35056 | 2023-10-11 | A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network... |
| CVE-2023-32645 | 2023-10-11 | A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send... |
| CVE-2023-35193 | 2023-10-11 | An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An... |
| CVE-2023-35194 | 2023-10-11 | An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An... |
| CVE-2023-34354 | 2023-10-11 | A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary... |
| CVE-2023-27380 | 2023-10-11 | An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An... |
| CVE-2023-28381 | 2023-10-11 | An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An... |
| CVE-2023-34356 | 2023-10-11 | An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An... |
| CVE-2023-4936 | 2023-10-11 | Synaptics-DisplayLink-privilege escalation vulnerability via a dynamic library sideloading |
| CVE-2023-23930 | 2023-10-11 | vantage6's Pickle serialization is insecure |
| CVE-2023-35645 | 2023-10-11 | In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-5535 | 2023-10-11 | Use After Free in vim/vim |
| CVE-2023-35646 | 2023-10-11 | In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.... |
| CVE-2023-35647 | 2023-10-11 | In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required.... |
| CVE-2023-35648 | 2023-10-11 | In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required.... |
| CVE-2023-35649 | 2023-10-11 | In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System... |
| CVE-2023-35652 | 2023-10-11 | In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required.... |
| CVE-2023-35653 | 2023-10-11 | In TBD of TBD, there is a possible way to access location information due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-28635 | 2023-10-11 | Defining resource name as integer in vantage6 may give unintended access |
| CVE-2023-35654 | 2023-10-11 | In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges... |