CVE List - 2023 / November
Showing 1301 - 1400 of 2443 CVEs for November 2023 (Page 14 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-47520 | 2023-11-14 | WordPress Responsive Column Widgets Plugin <= 1.2.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47518 | 2023-11-14 | WordPress Restrict Categories Plugin <= 2.6.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47517 | 2023-11-14 | WordPress SendPress Newsletters Plugin <= 1.23.11.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-39202 | 2023-11-14 | Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. |
| CVE-2023-39203 | 2023-11-14 | Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network... |
| CVE-2023-39204 | 2023-11-14 | Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. |
| CVE-2023-39205 | 2023-11-14 | Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2023-45614 | 2023-11-14 | There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point... |
| CVE-2023-45615 | 2023-11-14 | There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point... |
| CVE-2023-45616 | 2023-11-14 | There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's... |
| CVE-2023-45617 | 2023-11-14 | There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary... |
| CVE-2023-45618 | 2023-11-14 | There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete... |
| CVE-2023-45619 | 2023-11-14 | There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete... |
| CVE-2023-45620 | 2023-11-14 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the... |
| CVE-2023-45621 | 2023-11-14 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the... |
| CVE-2023-45622 | 2023-11-14 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of... |
| CVE-2023-45623 | 2023-11-14 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of... |
| CVE-2023-5189 | 2023-11-14 | Hub: insecure galaxy-importer tarfile extraction |
| CVE-2023-45624 | 2023-11-14 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation... |
| CVE-2023-45625 | 2023-11-14 | Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the... |
| CVE-2023-45626 | 2023-11-14 | An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles. |
| CVE-2023-45627 | 2023-11-14 | An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. |
| CVE-2023-39206 | 2023-11-14 | Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. |
| CVE-2023-39199 | 2023-11-14 | Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. |
| CVE-2023-43588 | 2023-11-14 | Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. |
| CVE-2023-43582 | 2023-11-14 | Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. |
| CVE-2023-43590 | 2023-11-14 | Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2023-43591 | 2023-11-14 | Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2023-31100 | 2023-11-14 | Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: * from 4.3.0.0 before 4.3.0.203 * from 4.3.1.0... |
| CVE-2023-38543 | 2023-11-14 | A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a... |
| CVE-2023-38043 | 2023-11-14 | A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a... |
| CVE-2023-38544 | 2023-11-14 | A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of... |
| CVE-2023-35080 | 2023-11-14 | A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks,... |
| CVE-2023-39335 | 2023-11-14 | A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process.... |
| CVE-2023-41718 | 2023-11-14 | When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. |
| CVE-2023-39337 | 2023-11-14 | A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device... |
| CVE-2023-46121 | 2023-11-14 | Generic Extractor MITM Vulnerability in yt-dlp |
| CVE-2023-40923 | 2023-11-15 | MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters. |
| CVE-2023-41442 | 2023-11-15 | An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT... |
| CVE-2023-41597 | 2023-11-15 | EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t. |
| CVE-2023-43979 | 2023-11-15 | ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts(). |
| CVE-2023-47308 | 2023-11-15 | In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()`... |
| CVE-2023-47309 | 2023-11-15 | Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile. |
| CVE-2023-47345 | 2023-11-15 | Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is... |
| CVE-2023-47347 | 2023-11-15 | Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes. |
| CVE-2023-47444 | 2023-11-15 | An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users with the common/security write privilege to write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution... |
| CVE-2023-47445 | 2023-11-15 | Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page. |
| CVE-2023-47446 | 2023-11-15 | Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter. |
| CVE-2023-48011 | 2023-11-15 | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c. |
| CVE-2023-48013 | 2023-11-15 | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c. |
| CVE-2023-48014 | 2023-11-15 | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c. |
| CVE-2023-48087 | 2023-11-15 | xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat. |
| CVE-2023-48088 | 2023-11-15 | xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. |
| CVE-2023-48089 | 2023-11-15 | xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save. |
| CVE-2023-48204 | 2023-11-15 | An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component. |
| CVE-2023-48197 | 2023-11-15 | Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function. |
| CVE-2023-48198 | 2023-11-15 | A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies. |
| CVE-2023-48199 | 2023-11-15 | HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized,... |
| CVE-2023-48200 | 2023-11-15 | Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component. |
| CVE-2023-48365 | 2023-11-15 | Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to... |
| CVE-2023-47678 | 2023-11-15 | An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device... |
| CVE-2023-5984 | 2023-11-15 | A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could... |
| CVE-2023-5985 | 2023-11-15 | A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values. |
| CVE-2023-5986 | 2023-11-15 | A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause... |
| CVE-2023-5987 | 2023-11-15 | A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists that could lead to a cross site scripting condition where attackers can have a... |
| CVE-2023-6032 | 2023-11-15 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to... |
| CVE-2023-47580 | 2023-11-15 | Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a... |
| CVE-2023-47581 | 2023-11-15 | Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may... |
| CVE-2023-47582 | 2023-11-15 | Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file),... |
| CVE-2023-47583 | 2023-11-15 | Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. If a user opens a specially crafted file (X1 or V9 file), information may be disclosed and/or arbitrary code... |
| CVE-2023-47584 | 2023-11-15 | Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary... |
| CVE-2023-47585 | 2023-11-15 | Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary... |
| CVE-2023-47586 | 2023-11-15 | Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed... |
| CVE-2023-6133 | 2023-11-15 | The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible... |
| CVE-2023-4889 | 2023-11-15 | The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on... |
| CVE-2023-46672 | 2023-11-15 | Logstash Insertion of Sensitive Information into Log File |
| CVE-2023-34062 | 2023-11-15 | In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can... |
| CVE-2023-23549 | 2023-11-15 | DoS via long hostnames |
| CVE-2023-4602 | 2023-11-15 | The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output... |
| CVE-2023-5245 | 2023-11-15 | Using MLeap for loading a saved model (zip archive) can lead to path traversal/arbitrary file creation and possibly remote code execution. |
| CVE-2023-5720 | 2023-11-15 | Quarkus: build env information disclosure via gradle plugin |
| CVE-2023-5676 | 2023-11-15 | Eclipse OpenJ9 possible infinite busy hang |
| CVE-2023-33873 | 2023-11-15 | AVEVA Operations Control Logger Execution with Unnecessary Privileges |
| CVE-2023-34982 | 2023-11-15 | AVEVA Operations Control Logger External Control of File Name or Path |
| CVE-2023-5997 | 2023-11-15 | Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-6112 | 2023-11-15 | Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-48219 | 2023-11-15 | Special characters in unescaped text nodes can trigger mXSS in TinyMCE |
| CVE-2023-47637 | 2023-11-15 | SQL Injection in Admin Grid Filter API in Pimcore |
| CVE-2023-47636 | 2023-11-15 | Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle |
| CVE-2023-30954 | 2023-11-15 | Gotham Video Broken Authentication |
| CVE-2023-41699 | 2023-11-15 | Payara Platform: URL Redirection to untrusted site using FORM authentication |
| CVE-2023-22818 | 2023-11-15 | Multiple DLL Search Order hijacking Vulnerabilities in SanDisk Security Installer for Windows |
| CVE-2023-48224 | 2023-11-15 | Cryptographically Weak Generation of One-Time Codes for Identity Verification in ethyca-fides |
| CVE-2023-6105 | 2023-11-15 | ManageEngine Information Disclosure in Multiple Products |
| CVE-2023-4689 | 2023-11-15 | The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on... |
| CVE-2023-4723 | 2023-11-15 | The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to... |
| CVE-2023-5381 | 2023-11-15 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output... |
| CVE-2023-4690 | 2023-11-15 | The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on... |
| CVE-2021-35437 | 2023-11-16 | SQL injection vulnerability in LMXCMS v.1.4 allows an attacker to execute arbitrary code via the TagsAction.class. |
| CVE-2023-43275 | 2023-11-16 | Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the... |
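Two entries on this page, CVE-2023-5189 (galaxy-importer tarfile extraction) and CVE-2023-5245 (MLeap loading a zipped model), belong to the same bug class: an archive member whose name or link target resolves outside the directory it is being extracted into. The following is an added example, not code from either project, showing a pre-extraction check in Python that rejects `..` traversal, absolute names, escaping symlink and hardlink targets and special files for both tar and zip, and only then extracts. The sample archives it builds (`build_samples`) are constructed for the demonstration and do not reproduce either advisory's payload.

```python
import io
import os
import tarfile
import tempfile
import zipfile


class UnsafeArchive(ValueError):
    """Raised when an archive member would be written outside the extraction root."""


def _resolved_inside(root: str, member_name: str) -> str:
    """Return the absolute path member_name would occupy under root, or raise
    UnsafeArchive if it resolves elsewhere (absolute name, '..' traversal, or a
    path that passes through an already-present symlink pointing out of root)."""
    root = os.path.realpath(root)
    # os.path.join discards root when member_name is absolute, so absolute
    # names fail the containment test below exactly like '..' traversal does
    target = os.path.realpath(os.path.join(root, member_name))
    try:
        contained = os.path.commonpath([root, target]) == root
    except ValueError:  # different drives on Windows
        contained = False
    if not contained:
        raise UnsafeArchive(f"member {member_name!r} escapes {root}")
    return target


def check_tar_members(tf: tarfile.TarFile, root: str) -> None:
    """Reject traversal names, link targets that leave root, and special files."""
    for m in tf.getmembers():
        _resolved_inside(root, m.name)
        if m.issym():
            # a symlink target is relative to the link's own directory
            _resolved_inside(root, os.path.join(os.path.dirname(m.name), m.linkname))
        elif m.islnk():
            # a hardlink target is relative to the archive root
            _resolved_inside(root, m.linkname)
        elif not (m.isfile() or m.isdir()):
            raise UnsafeArchive(f"member {m.name!r} is a device or fifo")


def check_zip_members(zf: zipfile.ZipFile, root: str) -> None:
    for info in zf.infolist():
        _resolved_inside(root, info.filename)


def safe_extract(archive_path: str, dest: str) -> list:
    """Validate every member first, then extract, so nothing is written from a
    rejected archive. Returns the names of the extracted members."""
    os.makedirs(dest, exist_ok=True)
    if tarfile.is_tarfile(archive_path):
        with tarfile.open(archive_path) as tf:
            check_tar_members(tf, dest)
            if hasattr(tarfile, "data_filter"):  # PEP 706 filters (3.12+ and backports)
                tf.extractall(dest, filter="data")
            else:
                tf.extractall(dest)
            return tf.getnames()
    if zipfile.is_zipfile(archive_path):
        with zipfile.ZipFile(archive_path) as zf:
            check_zip_members(zf, dest)
            zf.extractall(dest)
            return zf.namelist()
    raise UnsafeArchive(f"{archive_path} is neither a tar nor a zip archive")


def build_samples(workdir: str) -> dict:
    """Constructed sample archives for the demonstration (not any advisory's payload)."""
    def tar_with(name, members):
        path = os.path.join(workdir, name)
        with tarfile.open(path, "w") as tf:
            for mname, data, link in members:
                ti = tarfile.TarInfo(mname)
                if link is not None:
                    ti.type, ti.linkname = tarfile.SYMTYPE, link
                    tf.addfile(ti)
                else:
                    ti.size = len(data)
                    tf.addfile(ti, io.BytesIO(data))
        return path

    samples = {
        "benign_tar": tar_with("benign.tar", [("pkg/meta.json", b"{}", None)]),
        "dotdot_tar": tar_with("dotdot.tar", [("../../escape.txt", b"x", None)]),
        # symlink out of root, followed by a file written "through" it
        "symlink_tar": tar_with("symlink.tar", [("lnk", b"", "/etc"), ("lnk/owned", b"x", None)]),
    }
    zip_path = os.path.join(workdir, "dotdot.zip")
    with zipfile.ZipFile(zip_path, "w") as zf:
        zf.writestr("../../escape.txt", "x")
    samples["dotdot_zip"] = zip_path
    return samples


def run_demo() -> dict:
    """Extract each sample into a fresh directory; map sample name to verdict."""
    workdir = tempfile.mkdtemp(prefix="archives-")
    verdicts = {}
    for name, path in build_samples(workdir).items():
        try:
            safe_extract(path, tempfile.mkdtemp(prefix="extract-", dir=workdir))
            verdicts[name] = "accepted"
        except UnsafeArchive:
            verdicts[name] = "rejected"
    return verdicts


if __name__ == "__main__":
    print(run_demo())
```

Two practitioner notes on the design. The whole member list is checked before the first byte is written, because a tar that plants a symlink and then writes through it is only detectable when the link target is examined, not the later member's name. And `zipfile.extractall` silently strips `..` and drive components rather than failing, which hides an attack instead of surfacing it; rejecting the archive outright is what you want when the archive came from an untrusted upload.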
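CVE-2023-48224 is filed as cryptographically weak generation of one-time codes for identity verification. The following is an added example in Python, not ethyca-fides code (the page shows none), contrasting the generic weak pattern, a seeded Mersenne Twister, with a CSPRNG-backed code and the server-side handling a verification code needs: stored only as a keyed hash, single use, bounded attempts, expiry, constant-time comparison. `CodeStore`, `recover_weak_seed` and the policy constants are assumptions made for the demonstration.

```python
import hmac
import random
import secrets
import time

CODE_DIGITS = 6
CODE_TTL_SECONDS = 600  # assumed policy values for the demonstration
MAX_ATTEMPTS = 5


def weak_code(seed: int) -> str:
    """Illustrative weak pattern (not any project's real code): a Mersenne Twister
    PRNG seeded from a guessable value such as a timestamp. Same seed, same code."""
    rng = random.Random(seed)
    return f"{rng.randrange(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"


def recover_weak_seed(code: str, approx_seed: int, window: int = 60):
    """Attacker's view of weak_code: knowing the seed to within `window` seconds
    is enough to brute-force it from a single observed code."""
    for s in range(approx_seed - window, approx_seed + window + 1):
        if weak_code(s) == code:
            return s
    return None


def strong_code() -> str:
    """CSPRNG-backed code: secrets.randbelow reads from the OS entropy source."""
    return f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"


class CodeStore:
    """Server-side handling assumed for the example: the code is kept only as an
    HMAC under a per-record key, is single use, expires, allows a bounded number
    of guesses, and is compared in constant time. `clock` is injectable for tests."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._records = {}  # identity -> [key, digest, issued_at, attempts]

    @staticmethod
    def _digest(key: bytes, code: str) -> bytes:
        return hmac.new(key, code.encode(), "sha256").digest()

    def issue(self, identity: str) -> str:
        code = strong_code()
        key = secrets.token_bytes(32)
        self._records[identity] = [key, self._digest(key, code), self._clock(), 0]
        return code  # deliver out of band; never log it

    def verify(self, identity: str, candidate: str) -> bool:
        rec = self._records.get(identity)
        if rec is None:
            return False
        key, digest, issued_at, attempts = rec
        if self._clock() - issued_at > CODE_TTL_SECONDS or attempts >= MAX_ATTEMPTS:
            del self._records[identity]
            return False
        rec[3] += 1
        ok = hmac.compare_digest(self._digest(key, candidate), digest)
        if ok:
            del self._records[identity]  # single use
        return ok


if __name__ == "__main__":
    observed = weak_code(1700000042)
    print("weak code", observed, "seed recovered:", recover_weak_seed(observed, 1700000000))
    store = CodeStore()
    print("strong code verifies:", store.verify("alice", store.issue("alice")))
```

The attempt cap matters as much as the generator: a six-digit code drawn from a CSPRNG is still only a million possibilities, so without a bound on guesses the strength of the generator is irrelevant. The weak generator's failure is different in kind, since `recover_weak_seed` shows that one observed code lets an attacker pin down the seed and then predict every later code issued from the same clock.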