CVE List - 2023 / November
Showing 701 - 800 of 2443 CVEs for November 2023 (Page 8 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-47229 | 2023-11-08 | WordPress Download Top 25 Social Icons Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47231 | 2023-11-08 | WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5996 | 2023-11-08 | Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-26221 | 2023-11-08 | TIBCO Spotfire Insufficiently Protected Credential vulnerability |
| CVE-2023-0392 | 2023-11-08 | The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution. |
| CVE-2023-47109 | 2023-11-08 | PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block |
| CVE-2023-47111 | 2023-11-08 | ZITADEL race condition in lockout policy execution |
| CVE-2023-47114 | 2023-11-08 | Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages |
| CVE-2023-47113 | 2023-11-08 | DLL Search Order Hijacking vulnerability in BleachBit for Windows |
| CVE-2023-4632 | 2023-11-08 | An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. |
| CVE-2023-4706 | 2023-11-08 | A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. |
| CVE-2023-4891 | 2023-11-08 | A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. |
| CVE-2023-5075 | 2023-11-08 | A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2023-5078 | 2023-11-08 | A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware. |
| CVE-2023-5079 | 2023-11-08 | Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. |
| CVE-2023-43567 | 2023-11-08 | A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2023-43568 | 2023-11-08 | A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. |
| CVE-2023-43569 | 2023-11-08 | A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2023-43570 | 2023-11-08 | A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code. |
| CVE-2023-43571 | 2023-11-08 | A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2023-43578 | 2023-11-08 | A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2023-43579 | 2023-11-08 | A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2023-43580 | 2023-11-08 | A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2023-43581 | 2023-11-08 | A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2023-45075 | 2023-11-08 | A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. |
| CVE-2023-45076 | 2023-11-08 | A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. |
| CVE-2023-45077 | 2023-11-08 | A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. |
| CVE-2023-45078 | 2023-11-08 | A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. |
| CVE-2023-45079 | 2023-11-08 | A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. |
| CVE-2023-43572 | 2023-11-08 | A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. |
| CVE-2023-43573 | 2023-11-08 | A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2023-43574 | 2023-11-08 | A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. |
| CVE-2023-43575 | 2023-11-08 | A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2023-43576 | 2023-11-08 | A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2023-43577 | 2023-11-08 | A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2023-4249 | 2023-11-08 | Zavio IP Camera Stack-Based Buffer Overflow |
| CVE-2023-39435 | 2023-11-08 | Zavio IP Camera Stack-Based Buffer Overflow |
| CVE-2023-43755 | 2023-11-08 | Zavio IP Camera Stack-Based Buffer Overflow |
| CVE-2023-45225 | 2023-11-08 | Zavio IP Camera Stack-Based Buffer Overflow |
| CVE-2023-3959 | 2023-11-08 | Zavio IP Camera Stack-Based Buffer Overflow |
| CVE-2023-37533 | 2023-11-08 | HCL Connections is vulnerable to reflected cross-site scripting |
| CVE-2023-29975 | 2023-11-09 | An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. |
| CVE-2023-45884 | 2023-11-09 | Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin. |
| CVE-2023-45885 | 2023-11-09 | Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. |
| CVE-2023-46492 | 2023-11-09 | Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html. |
| CVE-2023-46894 | 2023-11-09 | An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm. |
| CVE-2023-47363 | 2023-11-09 | The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| CVE-2023-47364 | 2023-11-09 | The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims |
| CVE-2023-47365 | 2023-11-09 | The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| CVE-2023-47366 | 2023-11-09 | The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| CVE-2023-47367 | 2023-11-09 | The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| CVE-2023-47368 | 2023-11-09 | The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| CVE-2023-47369 | 2023-11-09 | The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications. |
| CVE-2023-47370 | 2023-11-09 | The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| CVE-2023-47372 | 2023-11-09 | The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| CVE-2023-47373 | 2023-11-09 | The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims. |
| CVE-2023-47488 | 2023-11-09 | Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and... |
| CVE-2023-47489 | 2023-11-09 | CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. |
| CVE-2023-20902 | 2023-11-09 | Timing attack risk in Harbor |
| CVE-2023-26156 | 2023-11-09 | Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious... |
| CVE-2023-47613 | 2023-11-09 | A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged... |
| CVE-2023-47248 | 2023-11-09 | PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file |
| CVE-2023-4218 | 2023-11-09 | XXE in eclipse.platform / Eclipse IDE |
| CVE-2023-47612 | 2023-11-09 | A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow... |
| CVE-2023-47616 | 2023-11-09 | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could... |
| CVE-2023-6052 | 2023-11-09 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-47615 | 2023-11-09 | A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow... |
| CVE-2023-4612 | 2023-11-09 | MFA bypass in Apereo CAS |
| CVE-2023-43791 | 2023-11-09 | Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens |
| CVE-2023-41138 | 2023-11-09 | The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process. |
| CVE-2023-40054 | 2023-11-09 | SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability |
| CVE-2023-40055 | 2023-11-09 | SolarWinds Network Configuration Manager Directory Traversal Remote Code Execution Vulnerability |
| CVE-2023-41137 | 2023-11-09 | Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server. |
| CVE-2023-6039 | 2023-11-09 | Kernel: use-after-free in drivers/net/usb/lan78xx.c in lan78xx_disconnect |
| CVE-2023-47110 | 2023-11-09 | Any value can be changed in the configuration table by an employee having access to block reassurance module |
| CVE-2023-46743 | 2023-11-09 | The same file cannot be opened with different rights |
| CVE-2023-25994 | 2023-11-09 | WordPress Publish to Schedule Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36688 | 2023-11-09 | WordPress Simple Site Verify Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45283 | 2023-11-09 | Insecure parsing of Windows paths with a \??\ prefix in path/filepath |
| CVE-2023-45284 | 2023-11-09 | Incorrect detection of reserved device names on Windows in path/filepath |
| CVE-2023-47610 | 2023-11-09 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system... |
| CVE-2023-25975 | 2023-11-09 | WordPress Etsy Shop Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34002 | 2023-11-09 | WordPress WP Inventory Manager Plugin <= 2.1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31087 | 2023-11-09 | WordPress JS Job Manager Plugin <=2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34386 | 2023-11-09 | WordPress WPC Smart Wishlist for WooCommerce Plugin <= 4.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46614 | 2023-11-09 | WordPress WP Helper Premium Plugin <= 4.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47237 | 2023-11-09 | WordPress WP Google My Business Auto Publish Plugin <= 3.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47238 | 2023-11-09 | WordPress Top 10 Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34371 | 2023-11-09 | WordPress Download SpamReferrerBlock Plugin <= 2.22 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6053 | 2023-11-09 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-6054 | 2023-11-09 | Tongda OA 2017 lock.php sql injection |
| CVE-2023-34182 | 2023-11-09 | WordPress LH Password Changer Plugin <= 1.55 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34181 | 2023-11-09 | WordPress WP-Cirrus Plugin <= 0.6.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34178 | 2023-11-09 | WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5539 | 2023-11-09 | Moodle: authenticated remote code execution risk in lesson |
| CVE-2023-34177 | 2023-11-09 | WordPress WP-Cache.com Plugin <= 1.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39198 | 2023-11-09 | Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create() |
| CVE-2023-5540 | 2023-11-09 | Moodle: authenticated remote code execution risk in imscp |
| CVE-2023-5541 | 2023-11-09 | Moodle: xss risk when using csv grade import method |
| CVE-2023-34171 | 2023-11-09 | WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |