CVE List - 2023 / October
Showing 501 - 600 of 2690 CVEs for October 2023 (Page 6 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-45367 | 2023-10-09 | An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store... |
| CVE-2023-45369 | 2023-10-09 | An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed. |
| CVE-2023-45370 | 2023-10-09 | An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the... |
| CVE-2023-45371 | 2023-10-09 | An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items. |
| CVE-2023-45372 | 2023-10-09 | An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit... |
| CVE-2023-45373 | 2023-10-09 | An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators. |
| CVE-2023-45374 | 2023-10-09 | An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token... |
| CVE-2023-44821 | 2023-10-09 | Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). NOTE: this has been disputed by... |
| CVE-2023-44260 | 2023-10-09 | WordPress Woocommerce ESTO Plugin <= 2.23.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44231 | 2023-10-09 | WordPress Contact Form Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44232 | 2023-10-09 | WordPress WP Hide Pages Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3589 | 2023-10-09 | Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x |
| CVE-2023-44236 | 2023-10-09 | WordPress WP Captcha Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44237 | 2023-10-09 | WordPress WP Site Protector Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44238 | 2023-10-09 | WordPress Remove slug from custom post type Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44246 | 2023-10-09 | WordPress Shockingly Simple Favicon Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44240 | 2023-10-09 | WordPress Timthumb Vulnerability Scanner Plugin <= 1.54 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44473 | 2023-10-09 | WordPress Table of Contents Plus Plugin <= 2302 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44993 | 2023-10-09 | WordPress ChatBot Plugin <= 4.7.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45612 | 2023-10-09 | In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE |
| CVE-2023-45613 | 2023-10-09 | In JetBrains Ktor before 2.3.5 server certificates were not verified |
| CVE-2023-5330 | 2023-10-09 | Denial of Service via Opengraph Data Cache |
| CVE-2023-5331 | 2023-10-09 | File Information Leak via IDOR in file_id in Draft Posts |
| CVE-2023-5333 | 2023-10-09 | Denial of Service via multiple identical User IDs in /api/v4/users/ids |
| CVE-2023-45248 | 2023-10-09 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391. |
| CVE-2023-45247 | 2023-10-09 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux,... |
| CVE-2023-43696 | 2023-10-09 | Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. |
| CVE-2023-43700 | 2023-10-09 | Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication. |
| CVE-2023-43699 | 2023-10-09 | Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited. |
| CVE-2023-43698 | 2023-10-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client's browser via injecting... |
| CVE-2023-43697 | 2023-10-09 | Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP... |
| CVE-2023-5100 | 2023-10-09 | Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. |
| CVE-2023-5101 | 2023-10-09 | Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests. |
| CVE-2023-5102 | 2023-10-09 | Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. |
| CVE-2023-5103 | 2023-10-09 | Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on... |
| CVE-2022-35950 | 2023-10-09 | OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item |
| CVE-2023-25822 | 2023-10-09 | ReportPortal DoS vulnerability on creating a Launch with too many recursively nested elements |
| CVE-2023-36820 | 2023-10-09 | micronaut security has invalid IdTokenClaimsValidator logic on aud |
| CVE-2023-43643 | 2023-10-09 | mXSS in AntiSamy |
| CVE-2023-44378 | 2023-10-09 | gnark vulnerable to unsoundness in variable comparison/non-unique binary decomposition |
| CVE-2023-41660 | 2023-10-09 | WordPress WP Migration Plugin DB & Files – WP Synchro Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44393 | 2023-10-09 | Piwigo Reflected XSS vulnerability |
| CVE-2023-30910 | 2023-10-09 | HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. |
| CVE-2023-44400 | 2023-10-09 | Uptime Kuma has Persistent User Sessions |
| CVE-2023-5365 | 2023-10-09 | HP LIFE Android Mobile – Potential Escalation of Privilege, Information Disclosure |
| CVE-2023-41047 | 2023-10-09 | Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint |
| CVE-2023-42455 | 2023-10-09 | Wazuh vulnerable to user privilege escalation |
| CVE-2023-41667 | 2023-10-09 | WordPress WP-dTree Plugin <= 4.4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41668 | 2023-10-09 | WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39189 | 2023-10-09 | Kernel: netfilter: nftables out-of-bounds read in nf_osf_match_one() |
| CVE-2023-39192 | 2023-10-09 | Kernel: netfilter: xtables out-of-bounds read in u32_match_it() |
| CVE-2023-39193 | 2023-10-09 | Kernel: netfilter: xtables sctp out-of-bounds read in match_flags() |
| CVE-2023-39194 | 2023-10-09 | Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match() |
| CVE-2023-41669 | 2023-10-09 | WordPress Live News Plugin <= 1.06 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-3431 | 2023-10-09 | A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify... |
| CVE-2023-41670 | 2023-10-09 | WordPress Use Memcached Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41672 | 2023-10-09 | WordPress Hide admin notices – Admin Notification Center Plugin <= 2.3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5459 | 2023-10-09 | Delta Electronics DVP32ES2 PLC Password Transmission denial of service |
| CVE-2023-5460 | 2023-10-09 | Delta Electronics WPLSoft Modbus Data Packet heap-based overflow |
| CVE-2023-44392 | 2023-10-09 | Arbitrary code execution vulnerability when using shared Kubernetes cluster |
| CVE-2023-5461 | 2023-10-09 | Delta Electronics WPLSoft Modbus cleartext transmission |
| CVE-2022-3728 | 2023-10-09 | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized... |
| CVE-2022-48182 | 2023-10-09 | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized... |
| CVE-2022-48183 | 2023-10-09 | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized... |
| CVE-2023-43641 | 2023-10-09 | libcue vulnerable to out-of-bounds array access |
| CVE-2023-5462 | 2023-10-09 | XINJE XD5E-30R-E Modbus denial of service |
| CVE-2023-5463 | 2023-10-09 | XINJE XDPPro cfgmgr32.dll uncontrolled search path |
| CVE-2020-18336 | 2023-10-10 | Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. |
| CVE-2020-27213 | 2023-10-10 | An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result,... |
| CVE-2020-27630 | 2023-10-10 | In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. |
| CVE-2020-27631 | 2023-10-10 | In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. |
| CVE-2020-27633 | 2023-10-10 | In FNET 4.6.3, TCP ISNs are improperly random. |
| CVE-2020-27634 | 2023-10-10 | In Contiki 4.5, TCP ISNs are improperly random. |
| CVE-2020-27635 | 2023-10-10 | In PicoTCP 1.7.0, TCP ISNs are improperly random. |
| CVE-2020-27636 | 2023-10-10 | In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. |
| CVE-2023-31096 | 2023-10-10 | An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL... |
| CVE-2023-36126 | 2023-10-10 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 |
| CVE-2023-36127 | 2023-10-10 | User enumeration is found in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user... |
| CVE-2023-42189 | 2023-10-10 | Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart... |
| CVE-2023-43896 | 2023-10-10 | A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code. |
| CVE-2023-44763 | 2023-10-10 | Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). NOTE: the vendor's position is that a customer is... |
| CVE-2023-44826 | 2023-10-10 | Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. |
| CVE-2023-44827 | 2023-10-10 | An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script... |
| CVE-2023-44846 | 2023-10-10 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. |
| CVE-2023-44847 | 2023-10-10 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. |
| CVE-2023-44848 | 2023-10-10 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component. |
| CVE-2023-44959 | 2023-10-10 | An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. |
| CVE-2023-45208 | 2023-10-10 | A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root... |
| CVE-2023-45312 | 2023-10-10 | In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability. |
| CVE-2023-44487 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-5471 | 2023-10-10 | codeprojects Farmacia index.php sql injection |
| CVE-2023-40310 | 2023-10-10 | Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import |
| CVE-2023-41365 | 2023-10-10 | Information Disclosure vulnerability in SAP Business One (B1i) |
| CVE-2023-42473 | 2023-10-10 | Missing Authorization Check In S/4HANA (Manage Withholding Tax Items) |
| CVE-2023-42474 | 2023-10-10 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence |
| CVE-2023-42475 | 2023-10-10 | Information Disclosure Vulnerability in Statutory Reporting |
| CVE-2023-42477 | 2023-10-10 | Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application) |
| CVE-2023-5468 | 2023-10-10 | The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output... |
| CVE-2023-5467 | 2023-10-10 | The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping... |
| CVE-2023-41684 | 2023-10-10 | WordPress SIS Handball Plugin <= 1.0.45 is vulnerable to Cross Site Request Forgery (CSRF) |