CVE List - 2023 / October
Showing 401 - 500 of 2690 CVEs for October 2023 (Page 5 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-45311 | 2023-10-06 | fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained... |
| CVE-2023-45322 | 2023-10-06 | libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think... |
| CVE-2023-26153 | 2023-10-06 | Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a... |
| CVE-2023-40556 | 2023-10-06 | WordPress Schedule Posts Calendar Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2015-10126 | 2023-10-06 | Easy2Map Photos Plugin sql injection |
| CVE-2023-4530 | 2023-10-06 | SQLi in Turna Media's Advertising Administration Panel |
| CVE-2023-4469 | 2023-10-06 | The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to,... |
| CVE-2023-45244 | 2023-10-06 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux,... |
| CVE-2023-45245 | 2023-10-06 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119. |
| CVE-2023-45246 | 2023-10-06 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux,... |
| CVE-2023-36465 | 2023-10-06 | Decidim has broken access control in templates |
| CVE-2023-40008 | 2023-10-06 | WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40671 | 2023-10-06 | WordPress DX-auto-save-images Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25480 | 2023-10-06 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47175 | 2023-10-06 | WordPress Royal Elementor Addons Plugin <= 1.3.75 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25033 | 2023-10-06 | WordPress Social Share Boost Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27448 | 2023-10-06 | WordPress MakeStories (for Google Web Stories) Plugin <= 2.8.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27615 | 2023-10-06 | WordPress WP Super Minify Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28791 | 2023-10-06 | WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29235 | 2023-10-06 | WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35897 | 2023-10-06 | IBM Spectrum Protect code execution |
| CVE-2023-43058 | 2023-10-06 | IBM Robotic Process Automation privilege escalation |
| CVE-2023-38703 | 2023-10-06 | PJSIP has use-after-free vulnerability in SRTP media transport |
| CVE-2023-42445 | 2023-10-06 | Possible local file exfiltration by XML External entity injection |
| CVE-2023-43810 | 2023-10-06 | opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics |
| CVE-2023-41650 | 2023-10-06 | WordPress Remove/hide Author, Date, Category Like Entry-Meta Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41654 | 2023-10-06 | WordPress authLdap Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41659 | 2023-10-06 | WordPress Responsive Gallery Grid Plugin <= 2.3.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41732 | 2023-10-06 | WordPress CP Blocks Plugin <= 1.0.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41801 | 2023-10-06 | WordPress AWP Classifieds Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40607 | 2023-10-06 | WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41950 | 2023-10-06 | WordPress Laposta Signup Basic Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44146 | 2023-10-06 | WordPress Checkfront Online Booking System Plugin <= 3.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44243 | 2023-10-06 | WordPress Instant CSS Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44233 | 2023-10-06 | WordPress FooGallery Plugin <= 2.2.44 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39928 | 2023-10-06 | A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution.... |
| CVE-2023-23365 | 2023-10-06 | Music Station |
| CVE-2023-23366 | 2023-10-06 | Music Station |
| CVE-2023-23370 | 2023-10-06 | QVPN Device Client |
| CVE-2023-23371 | 2023-10-06 | QVPN Device Client |
| CVE-2023-32971 | 2023-10-06 | QTS, QuTS hero, QuTScloud |
| CVE-2023-32972 | 2023-10-06 | QTS, QuTS hero, QuTScloud |
| CVE-2023-44384 | 2023-10-06 | Discourse-Jira allows an SSRF attack by setting the Jira URL to an arbitrary location |
| CVE-2023-45239 | 2023-10-06 | A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr,... |
| CVE-2023-5214 | 2023-10-06 | Privilege Escalation in Puppet Bolt |
| CVE-2023-5366 | 2023-10-06 | Openvswitch doesn't match packets on nd_target field |
| CVE-2023-21244 | 2023-10-06 | In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution... |
| CVE-2023-21252 | 2023-10-06 | In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service... |
| CVE-2023-21253 | 2023-10-06 | In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges... |
| CVE-2023-21266 | 2023-10-06 | In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no... |
| CVE-2023-21291 | 2023-10-06 | In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with... |
| CVE-2023-5452 | 2023-10-06 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it |
| CVE-2023-3725 | 2023-10-06 | Potential buffer overflow vulnerability in the Zephyr CANbus subsystem |
| CVE-2022-34355 | 2023-10-06 | IBM Jazz Foundation information disclosure |
| CVE-2022-33160 | 2023-10-06 | IBM Security Directory Suite information disclosure |
| CVE-2023-5182 | 2023-10-06 | Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate... |
| CVE-2023-43615 | 2023-10-07 | Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. |
| CVE-2023-45199 | 2023-10-07 | Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote code execution. |
| CVE-2023-40631 | 2023-10-08 | In Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed |
| CVE-2023-40632 | 2023-10-08 | In jpg driver, there is a possible use after free due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed |
| CVE-2023-40633 | 2023-10-08 | In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-40634 | 2023-10-08 | In phasecheckserver, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed |
| CVE-2023-40635 | 2023-10-08 | In linkturbo, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed |
| CVE-2023-40636 | 2023-10-08 | In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with... |
| CVE-2023-40637 | 2023-10-08 | In telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges |
| CVE-2023-40638 | 2023-10-08 | In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-40639 | 2023-10-08 | In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges |
| CVE-2023-40640 | 2023-10-08 | In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges |
| CVE-2023-40641 | 2023-10-08 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-40642 | 2023-10-08 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-40643 | 2023-10-08 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-40644 | 2023-10-08 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-40645 | 2023-10-08 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-40646 | 2023-10-08 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-40647 | 2023-10-08 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-40648 | 2023-10-08 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-40649 | 2023-10-08 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-40650 | 2023-10-08 | In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-40651 | 2023-10-08 | In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-40652 | 2023-10-08 | In jpg driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-40653 | 2023-10-08 | In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed |
| CVE-2023-40654 | 2023-10-08 | In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed |
| CVE-2022-36228 | 2023-10-09 | Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app. |
| CVE-2023-39854 | 2023-10-09 | The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in... |
| CVE-2023-43271 | 2023-10-09 | Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols. |
| CVE-2023-43899 | 2023-10-09 | hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. |
| CVE-2023-44467 | 2023-10-09 | langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by... |
| CVE-2023-44811 | 2023-10-09 | Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function. |
| CVE-2023-44812 | 2023-10-09 | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function. |
| CVE-2023-44813 | 2023-10-09 | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. |
| CVE-2023-45349 | 2023-10-09 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and... |
| CVE-2023-45350 | 2023-10-09 | Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege escalation that may lead to the ability of an authenticated attacker to run... |
| CVE-2023-45351 | 2023-10-09 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection... |
| CVE-2023-45352 | 2023-10-09 | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal... |
| CVE-2023-45353 | 2023-10-09 | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management... |
| CVE-2023-45354 | 2023-10-09 | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated remote attacker to execute arbitrary code on the operating system by using the Common... |
| CVE-2023-45355 | 2023-10-09 | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into... |
| CVE-2023-45356 | 2023-10-09 | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the... |
| CVE-2023-45363 | 2023-10-09 | An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop... |
| CVE-2023-45364 | 2023-10-09 | An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals... |