CVE List - 2023 / October
Showing 2301 - 2400 of 2690 CVEs for October 2023 (Page 24 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5814 | 2023-10-27 | SourceCodester Task Reminder System sql injection |
| CVE-2023-5051 | 2023-10-27 | The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization... |
| CVE-2023-34057 | 2023-10-27 | VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine. |
| CVE-2023-34058 | 2023-10-27 | VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted [Guest Operation Privileges](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate... |
| CVE-2023-34059 | 2023-10-27 | open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user... |
| CVE-2023-44219 | 2023-10-27 | A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery... |
| CVE-2023-46091 | 2023-10-27 | WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46093 | 2023-10-27 | WordPress Webmaster Tools Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46153 | 2023-10-27 | WordPress User Feedback Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46192 | 2023-10-27 | WordPress Internal Link Building Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44220 | 2023-10-27 | SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could... |
| CVE-2023-46194 | 2023-10-27 | WordPress Archivist – Custom Archive Templates Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46199 | 2023-10-27 | WordPress Triberr Plugin <= 4.1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5774 | 2023-10-27 | The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and... |
| CVE-2023-5817 | 2023-10-27 | The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization... |
| CVE-2023-5705 | 2023-10-27 | The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input... |
| CVE-2023-5821 | 2023-10-27 | The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it... |
| CVE-2023-5820 | 2023-10-27 | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality.... |
| CVE-2023-5570 | 2023-10-27 | User Enumeration in Inohom's Home Manager Gateway |
| CVE-2023-5807 | 2023-10-27 | SQLi in TRtek Software's Education Portal |
| CVE-2023-5443 | 2023-10-27 | User Enumeration in EDM Informatic's E-Invoice Software |
| CVE-2023-46604 | 2023-10-27 | Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack |
| CVE-2023-5826 | 2023-10-27 | Netentsec NS-ASG Application Security Gateway list_onlineuser.php sql injection |
| CVE-2023-5827 | 2023-10-27 | Shanghai CTI Navigation CTI Monitoring and Early Warning System UserEdit.aspx sql injection |
| CVE-2023-4967 | 2023-10-27 | Denial of service |
| CVE-2023-46290 | 2023-10-27 | Rockwell Automation FactoryTalk Services Platform Elevated Privileges Vulnerability |
| CVE-2023-46289 | 2023-10-27 | Rockwell Automation FactoryTalk® View Site Edition Vulnerable to Improper Input Validation |
| CVE-2023-46246 | 2023-10-27 | Integer Overflow in :history command in Vim |
| CVE-2022-34886 | 2023-10-27 | A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side... |
| CVE-2022-34887 | 2023-10-27 | Standard users can directly operate and set printer configuration information, such as IP, in some Lenovo Printers without having to authenticate with the administrator password. |
| CVE-2023-27854 | 2023-10-27 | Rockwell Automation Arena® Simulation Out of Bounds Read Vulnerability |
| CVE-2022-3429 | 2023-10-27 | A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes... |
| CVE-2023-27858 | 2023-10-27 | Rockwell Automation Arena® Simulation Uninitialized Pointer Vulnerability |
| CVE-2022-3611 | 2023-10-27 | An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications. |
| CVE-2022-3681 | 2023-10-27 | A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin,... |
| CVE-2023-29009 | 2023-10-27 | basercms XSS Vulnerability via Favorites Feature |
| CVE-2023-5828 | 2023-10-27 | Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System login.aspx sql injection |
| CVE-2022-3700 | 2023-10-27 | A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary... |
| CVE-2022-3701 | 2023-10-27 | A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges. |
| CVE-2022-3702 | 2023-10-27 | A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under... |
| CVE-2023-5829 | 2023-10-27 | code-projects Admission Management System student_avatar.php unrestricted upload |
| CVE-2023-46200 | 2023-10-27 | WordPress Smart App Banner Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32738 | 2023-10-27 | WordPress Eonet Manual User Approve Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40116 | 2023-10-27 | In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of... |
| CVE-2023-40117 | 2023-10-27 | In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2023-40120 | 2023-10-27 | In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no... |
| CVE-2023-40121 | 2023-10-27 | In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not... |
| CVE-2023-40123 | 2023-10-27 | In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional... |
| CVE-2023-40125 | 2023-10-27 | In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege... |
| CVE-2023-46211 | 2023-10-27 | WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.14 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40127 | 2023-10-27 | In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2023-40128 | 2023-10-27 | In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional... |
| CVE-2023-40129 | 2023-10-27 | In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution... |
| CVE-2023-40130 | 2023-10-27 | In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch... |
| CVE-2023-40131 | 2023-10-27 | In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2023-40133 | 2023-10-27 | In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional... |
| CVE-2023-40134 | 2023-10-27 | In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution... |
| CVE-2023-40135 | 2023-10-27 | In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution... |
| CVE-2023-40136 | 2023-10-27 | In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution... |
| CVE-2023-40137 | 2023-10-27 | In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional... |
| CVE-2023-40138 | 2023-10-27 | In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution... |
| CVE-2023-40139 | 2023-10-27 | In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution... |
| CVE-2023-40140 | 2023-10-27 | In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional... |
| CVE-2023-46208 | 2023-10-27 | WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5830 | 2023-10-27 | ColumbiaSoft Document Locator WebTools login improper authentication |
| CVE-2023-46209 | 2023-10-27 | WordPress Grid Plus Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44480 | 2023-10-27 | Leave Management System Project v1.0 - Multiple Authenticated SQL Injections (SQLi) |
| CVE-2023-5834 | 2023-10-27 | Vagrant’s Windows Installer Allowed Directory Junction Write |
| CVE-2023-43322 | 2023-10-28 | ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command... |
| CVE-2023-45897 | 2023-10-28 | exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set. |
| CVE-2023-46467 | 2023-10-28 | Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page. |
| CVE-2023-46468 | 2023-10-28 | An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. |
| CVE-2023-46569 | 2023-10-28 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h. |
| CVE-2023-46570 | 2023-10-28 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h. |
| CVE-2023-46854 | 2023-10-28 | Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature. |
| CVE-2023-46215 | 2023-10-28 | Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend |
| CVE-2023-5426 | 2023-10-28 | The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions... |
| CVE-2023-5425 | 2023-10-28 | The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up... |
| CVE-2023-5835 | 2023-10-28 | hu60t hu60wap6 ubbparser.php markdown cross site scripting |
| CVE-2023-5836 | 2023-10-28 | SourceCodester Task Reminder System sql injection |
| CVE-2023-5837 | 2023-10-28 | AlexanderLivanov FotosCMS2 Cookie profile.php cross site scripting |
| CVE-2023-46858 | 2023-10-29 | Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance... |
| CVE-2023-46862 | 2023-10-29 | An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. |
| CVE-2023-46863 | 2023-10-29 | Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request. |
| CVE-2023-46864 | 2023-10-29 | Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request. |
| CVE-2023-5839 | 2023-10-29 | Privilege Chaining in hestiacp/hestiacp |
| CVE-2023-5840 | 2023-10-29 | Weak Password Recovery Mechanism for Forgotten Password in linkstackorg/linkstack |
| CVE-2023-5838 | 2023-10-29 | Insufficient Session Expiration in linkstackorg/linkstack |
| CVE-2023-43041 | 2023-10-29 | IBM QRadar information disclosure |
| CVE-2023-40686 | 2023-10-29 | IBM i privilege escalation |
| CVE-2023-40685 | 2023-10-29 | IBM i privilege escalation |
| CVE-2021-33634 | 2023-10-29 | Malicious image running containers may cause DoS attacks |
| CVE-2021-33635 | 2023-10-29 | Pull malicious images may cause process to be hijacked |
| CVE-2021-33636 | 2023-10-29 | Load malicious images may cause process to be hijacked |
| CVE-2021-33637 | 2023-10-29 | Export container in a malicious directory may cause process to be hijacked |
| CVE-2021-33638 | 2023-10-29 | Run copy with container in a malicious directory may cause container escaping |
| CVE-2005-10002 | 2023-10-29 | almosteffortless secure-files Plugin secure-files.php sf_downloads path traversal |
| CVE-2007-10003 | 2023-10-29 | The Hackers Diet Plugin HTTP POST Request ajax_blurb.php sql injection |
| CVE-2023-4393 | 2023-10-29 | HTML and SMTP Injection in LiquidFiles |
| CVE-2020-36767 | 2023-10-30 | tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data. |