CVE List - 2023 / October
Showing 2401 - 2500 of 2690 CVEs for October 2023 (Page 25 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-39172 | 2023-10-30 | A stored XSS in the process overview (Übersicht zugewiesener Vorgaenge) in mbsupport openVIVA c2 20220101 allows a remote, authenticated, low-privileged attacker to execute arbitrary code in the victim's browser via... |
| CVE-2023-42323 | 2023-10-30 | Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file. |
| CVE-2023-45956 | 2023-10-30 | An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands. |
| CVE-2023-46478 | 2023-10-30 | An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. |
| CVE-2023-46502 | 2023-10-30 | An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute a server-side request forgery attack via an insecure DocumentBuilderFactory. |
| CVE-2023-46865 | 2023-10-30 | /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. |
| CVE-2023-46866 | 2023-10-30 | In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes. |
| CVE-2023-46867 | 2023-10-30 | In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference. |
| CVE-2023-47090 | 2023-10-30 | NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the... |
| CVE-2023-47101 | 2023-10-30 | The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. |
| CVE-2023-47104 | 2023-10-30 | tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because... |
| CVE-2023-5842 | 2023-10-30 | Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr |
| CVE-2021-25736 | 2023-10-30 | Windows kube-proxy LoadBalancer contention |
| CVE-2023-44141 | 2023-10-30 | Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. |
| CVE-2023-45746 | 2023-10-30 | Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type... |
| CVE-2023-45797 | 2023-10-30 | DreamSecurity MagicLine Buffer Overflow Vulnerability |
| CVE-2023-45798 | 2023-10-30 | Yettiesoft VestCert Remote Code Execution Vulnerability |
| CVE-2023-45799 | 2023-10-30 | MLSoft TCO!stream Remote Code Execution Vulnerability |
| CVE-2023-5844 | 2023-10-30 | Unverified Password Change in pimcore/admin-ui-classic-bundle |
| CVE-2023-42431 | 2023-10-30 | Potential XSS on user preferences page |
| CVE-2023-5832 | 2023-10-30 | Improper Input Validation in mintplex-labs/anything-llm |
| CVE-2023-5833 | 2023-10-30 | Improper Access Control in mintplex-labs/anything-llm |
| CVE-2023-5583 | 2023-10-30 | The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta... |
| CVE-2023-5315 | 2023-10-30 | The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the... |
| CVE-2023-5252 | 2023-10-30 | The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user... |
| CVE-2023-5565 | 2023-10-30 | The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping... |
| CVE-2023-5164 | 2023-10-30 | The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping... |
| CVE-2023-5843 | 2023-10-30 | The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute... |
| CVE-2023-5199 | 2023-10-30 | The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated... |
| CVE-2023-5566 | 2023-10-30 | The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on... |
| CVE-2023-5250 | 2023-10-30 | The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to... |
| CVE-2023-5049 | 2023-10-30 | The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepress_gutenberg' shortcode in versions up to, and including, 1.12.0 due to... |
| CVE-2023-5666 | 2023-10-30 | The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and... |
| CVE-2023-5335 | 2023-10-30 | The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'buzzsprout' shortcode in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping... |
| CVE-2023-5362 | 2023-10-30 | The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient... |
| CVE-2023-5251 | 2023-10-30 | The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in... |
| CVE-2023-4964 | 2023-10-30 | Potential open redirect vulnerability in opentext SMAX and AMX product. |
| CVE-2022-4573 | 2023-10-30 | An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code. |
| CVE-2022-4574 | 2023-10-30 | An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. |
| CVE-2022-48189 | 2023-10-30 | An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. |
| CVE-2022-4575 | 2023-10-30 | A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated... |
| CVE-2023-44323 | 2023-10-30 | PDF Jbig2 memory-corruption Vulnerability - MSFT T5 |
| CVE-2021-39810 | 2023-10-30 | In verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app without user consent due to a missing permission check.... |
| CVE-2022-20264 | 2023-10-30 | In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local... |
| CVE-2022-20531 | 2023-10-30 | In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2023-21293 | 2023-10-30 | In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of... |
| CVE-2023-21294 | 2023-10-30 | In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2023-21295 | 2023-10-30 | In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no... |
| CVE-2023-21296 | 2023-10-30 | In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of... |
| CVE-2023-36920 | 2023-10-30 | Clickjacking vulnerability in SAP Enable Now |
| CVE-2023-21297 | 2023-10-30 | In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-21298 | 2023-10-30 | In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2023-21299 | 2023-10-30 | In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information... |
| CVE-2023-21300 | 2023-10-30 | In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2023-21301 | 2023-10-30 | In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of... |
| CVE-2023-21302 | 2023-10-30 | In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information... |
| CVE-2023-21303 | 2023-10-30 | In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2023-21304 | 2023-10-30 | In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information... |
| CVE-2023-21305 | 2023-10-30 | In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2023-21306 | 2023-10-30 | In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution... |
| CVE-2023-21307 | 2023-10-30 | In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead... |
| CVE-2023-21308 | 2023-10-30 | In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2023-21309 | 2023-10-30 | In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2023-21310 | 2023-10-30 | In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-21311 | 2023-10-30 | In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no... |
| CVE-2023-21312 | 2023-10-30 | In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2023-21313 | 2023-10-30 | In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional... |
| CVE-2023-21314 | 2023-10-30 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-21315 | 2023-10-30 | In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed.... |
| CVE-2023-21316 | 2023-10-30 | In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2023-21317 | 2023-10-30 | In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2023-21318 | 2023-10-30 | In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2023-21319 | 2023-10-30 | In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution... |
| CVE-2023-21320 | 2023-10-30 | In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to... |
| CVE-2023-21321 | 2023-10-30 | In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2023-21323 | 2023-10-30 | In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information... |
| CVE-2023-21324 | 2023-10-30 | In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation... |
| CVE-2023-21325 | 2023-10-30 | In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2023-21326 | 2023-10-30 | In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local... |
| CVE-2023-21327 | 2023-10-30 | In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information... |
| CVE-2023-21328 | 2023-10-30 | In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation... |
| CVE-2023-21329 | 2023-10-30 | In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no... |
| CVE-2023-21330 | 2023-10-30 | In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information... |
| CVE-2023-21331 | 2023-10-30 | In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2023-21332 | 2023-10-30 | In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information... |
| CVE-2023-21333 | 2023-10-30 | In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information... |
| CVE-2023-21334 | 2023-10-30 | In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with... |
| CVE-2023-21335 | 2023-10-30 | In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... |
| CVE-2023-21336 | 2023-10-30 | In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information... |
| CVE-2023-21337 | 2023-10-30 | In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of... |
| CVE-2023-21338 | 2023-10-30 | In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation... |
| CVE-2023-21339 | 2023-10-30 | In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional... |
| CVE-2023-21340 | 2023-10-30 | In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-21341 | 2023-10-30 | In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-21342 | 2023-10-30 | In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation... |
| CVE-2023-21343 | 2023-10-30 | In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2023-21344 | 2023-10-30 | In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information... |
| CVE-2023-21345 | 2023-10-30 | In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local... |
| CVE-2023-21346 | 2023-10-30 | In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to... |
| CVE-2023-21347 | 2023-10-30 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User... |