CVE List - 2023 / November
Showing 1001 - 1100 of 2443 CVEs for November 2023 (Page 11 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-45781 | 2023-11-14 | Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName. |
| CVE-2023-31754 | 2023-11-14 | Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel. |
| CVE-2023-41570 | 2023-11-14 | MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. |
| CVE-2023-42325 | 2023-11-14 | Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the status_logs_filter_dynamic.php page. |
| CVE-2023-42326 | 2023-11-14 | An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. |
| CVE-2023-42327 | 2023-11-14 | Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. |
| CVE-2023-43900 | 2023-11-14 | Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and... |
| CVE-2023-43901 | 2023-11-14 | Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user. |
| CVE-2023-43902 | 2023-11-14 | Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted... |
| CVE-2023-45558 | 2023-11-14 | An issue in Golden v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. |
| CVE-2023-45560 | 2023-11-14 | An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. |
| CVE-2023-45684 | 2023-11-14 | Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page... |
| CVE-2023-45878 | 2023-11-14 | GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected... |
| CVE-2023-45879 | 2023-11-14 | GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. |
| CVE-2023-45880 | 2023-11-14 | GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary... |
| CVE-2023-45881 | 2023-11-14 | GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1... |
| CVE-2023-46022 | 2023-11-14 | SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter. |
| CVE-2023-46023 | 2023-11-14 | SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter. |
| CVE-2023-46024 | 2023-11-14 | SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter. |
| CVE-2023-46025 | 2023-11-14 | SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter. |
| CVE-2023-46026 | 2023-11-14 | Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters. |
| CVE-2023-46580 | 2023-11-14 | Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component. |
| CVE-2023-46581 | 2023-11-14 | SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component. |
| CVE-2023-46582 | 2023-11-14 | SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id parameter in the deleteProduct.php component. |
| CVE-2023-47262 | 2023-11-14 | The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Direct physical access... |
| CVE-2023-47384 | 2023-11-14 | MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2023-48020 | 2023-11-14 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. |
| CVE-2023-48021 | 2023-11-14 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update. |
| CVE-2023-48094 | 2023-11-14 | A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html. NOTE: the... |
| CVE-2023-46445 | 2023-11-14 | An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation." |
| CVE-2023-46446 | 2023-11-14 | An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." |
| CVE-2023-47629 | 2023-11-14 | Privilege escalation through email sign-up in datahub |
| CVE-2023-47628 | 2023-11-14 | Session Expiration Misconfiguration in datahub |
| CVE-2023-31403 | 2023-11-14 | Improper Access Control vulnerability in SAP Business One product installation |
| CVE-2023-41366 | 2023-11-14 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2023-42480 | 2023-11-14 | Information Disclosure in NetWeaver AS Java Logon |
| CVE-2023-6006 | 2023-11-14 | Privilege Escalation Vulnerability |
| CVE-2023-47609 | 2023-11-14 | SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by... |
| CVE-2023-6109 | 2023-11-14 | The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function.... |
| CVE-2023-31247 | 2023-11-14 | A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker... |
| CVE-2023-28379 | 2023-11-14 | A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can... |
| CVE-2023-27882 | 2023-11-14 | A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker... |
| CVE-2023-28391 | 2023-11-14 | A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send... |
| CVE-2023-25181 | 2023-11-14 | A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An... |
| CVE-2023-24585 | 2023-11-14 | An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a... |
| CVE-2023-43503 | 2023-11-14 | A vulnerability has been identified in COMOS (All versions < V10.4.4). Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP. |
| CVE-2023-43504 | 2023-11-14 | A vulnerability has been identified in COMOS (All versions < V10.4.4). Ptmcast executable used for testing cache validation service in affected application is vulnerable to Structured Exception Handler (SEH) based... |
| CVE-2023-43505 | 2023-11-14 | A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares. This could allow an attacker to access files that the user... |
| CVE-2023-44317 | 2023-11-14 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2023-44318 | 2023-11-14 | Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an... |
| CVE-2023-44319 | 2023-11-14 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2023-44320 | 2023-11-14 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2023-44321 | 2023-11-14 | Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition.... |
| CVE-2023-44322 | 2023-11-14 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2023-44373 | 2023-11-14 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2023-44374 | 2023-11-14 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2023-45794 | 2023-11-14 | A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All... |
| CVE-2023-46096 | 2023-11-14 | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service.... |
| CVE-2023-46097 | 2023-11-14 | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an... |
| CVE-2023-46098 | 2023-11-14 | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This... |
| CVE-2023-46099 | 2023-11-14 | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could... |
| CVE-2023-46590 | 2023-11-14 | A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Affected products suffer from an XML external entity (XXE) injection vulnerability. This vulnerability could... |
| CVE-2023-46601 | 2023-11-14 | A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database... |
| CVE-2023-6111 | 2023-11-14 | Use-after-free in Linux kernel's netfilter: nf_tables component |
| CVE-2023-6124 | 2023-11-14 | Server-Side Request Forgery (SSRF) in salesagility/suitecrm |
| CVE-2023-6125 | 2023-11-14 | Code Injection in salesagility/suitecrm |
| CVE-2023-6126 | 2023-11-14 | Code Injection in salesagility/suitecrm |
| CVE-2023-6127 | 2023-11-14 | Unrestricted Upload of File with Dangerous Type in salesagility/suitecrm |
| CVE-2023-6128 | 2023-11-14 | Cross-site Scripting (XSS) - Reflected in salesagility/suitecrm |
| CVE-2023-6130 | 2023-11-14 | Path Traversal: '\..\filename' in salesagility/suitecrm |
| CVE-2023-6131 | 2023-11-14 | Code Injection in salesagility/suitecrm |
| CVE-2023-47660 | 2023-11-14 | WordPress Product Visibility by Country for WooCommerce Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47659 | 2023-11-14 | WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-38151 | 2023-11-14 | Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability |
| CVE-2023-36719 | 2023-11-14 | Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability |
| CVE-2023-36705 | 2023-11-14 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2023-36560 | 2023-11-14 | ASP.NET Security Feature Bypass Vulnerability |
| CVE-2023-36428 | 2023-11-14 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
| CVE-2023-36427 | 2023-11-14 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2023-36425 | 2023-11-14 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
| CVE-2023-36424 | 2023-11-14 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2023-36423 | 2023-11-14 | Microsoft Remote Registry Service Remote Code Execution Vulnerability |
| CVE-2023-36422 | 2023-11-14 | Microsoft Windows Defender Elevation of Privilege Vulnerability |
| CVE-2023-36413 | 2023-11-14 | Microsoft Office Security Feature Bypass Vulnerability |
| CVE-2023-36410 | 2023-11-14 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-36052 | 2023-11-14 | Azure CLI REST Command Information Disclosure Vulnerability |
| CVE-2023-36043 | 2023-11-14 | Open Management Infrastructure Information Disclosure Vulnerability |
| CVE-2023-36036 | 2023-11-14 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2023-36017 | 2023-11-14 | Windows Scripting Engine Memory Corruption Vulnerability |
| CVE-2023-38177 | 2023-11-14 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2023-36439 | 2023-11-14 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-36408 | 2023-11-14 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2023-36407 | 2023-11-14 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2023-36406 | 2023-11-14 | Windows Hyper-V Information Disclosure Vulnerability |
| CVE-2023-36405 | 2023-11-14 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-36404 | 2023-11-14 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2023-36403 | 2023-11-14 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-36402 | 2023-11-14 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2023-36401 | 2023-11-14 | Microsoft Remote Registry Service Remote Code Execution Vulnerability |
| CVE-2023-36400 | 2023-11-14 | Windows HMAC Key Derivation Elevation of Privilege Vulnerability |