CVE List - 2023 / November
Showing 2101 - 2200 of 2443 CVEs for November 2023 (Page 22 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5641 | 2023-11-27 | Martins Free & Easy SEO Link buildings < 1.2.30 - Reflected XSS |
| CVE-2023-5525 | 2023-11-27 | Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update |
| CVE-2023-5620 | 2023-11-27 | Webpushr < 4.35.0 - Unauthenticated Stored XSS |
| CVE-2023-6329 | 2023-11-27 | Control iD iDSecure passwordCustom Authentication Bypass |
| CVE-2023-41998 | 2023-11-27 | Arcserve UDP Unauthenticated RCE |
| CVE-2023-41999 | 2023-11-27 | Arcserve UDP Management Authentication Bypass |
| CVE-2023-42000 | 2023-11-27 | Arcserve UDP Agent Unauthenticated Path Traversal File Upload |
| CVE-2022-41951 | 2023-11-27 | OroPlatform vulnerable to path traversal during temporary file manipulations |
| CVE-2023-32062 | 2023-11-27 | OroCalendarBundle has incorrect system calendar events visibility |
| CVE-2023-5885 | 2023-11-27 | Franklin Electric Fueling Systems Colibri Path Traversal |
| CVE-2023-49145 | 2023-11-27 | Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt |
| CVE-2023-24023 | 2023-11-28 | Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections... |
| CVE-2023-45539 | 2023-11-28 | HAProxy before 2.8.2 accepts # as part of the URI... |
| CVE-2023-46944 | 2023-11-28 | An issue in GitKraken GitLens before v.14.0.0 allows an attacker... |
| CVE-2023-47503 | 2023-11-28 | An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker... |
| CVE-2023-48022 | 2023-11-28 | Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to... |
| CVE-2023-48023 | 2023-11-28 | Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the... |
| CVE-2023-48042 | 2023-11-28 | Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing... |
| CVE-2023-48121 | 2023-11-28 | An authentication bypass vulnerability in the Direct Connection Module in... |
| CVE-2023-48193 | 2023-11-28 | Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote... |
| CVE-2023-48848 | 2023-11-28 | An arbitrary file read vulnerability in ureport v2.2.9 allows a... |
| CVE-2023-49313 | 2023-11-28 | A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to... |
| CVE-2023-49314 | 2023-11-28 | Asana Desktop 2.1.0 on macOS allows code injection because of... |
| CVE-2023-41264 | 2023-11-28 | Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows... |
| CVE-2023-35136 | 2023-11-28 | An improper input validation vulnerability in the “Quagga” package of... |
| CVE-2023-35139 | 2023-11-28 | A cross-site scripting (XSS) vulnerability in the CGI program of... |
| CVE-2023-30585 | 2023-11-28 | A vulnerability has been identified in the Node.js (.msi version)... |
| CVE-2023-37925 | 2023-11-28 | An improper privilege management vulnerability in the debug CLI command... |
| CVE-2023-37926 | 2023-11-28 | A buffer overflow vulnerability in the Zyxel ATP series firmware... |
| CVE-2023-4397 | 2023-11-28 | A buffer overflow vulnerability in the Zyxel ATP series firmware... |
| CVE-2023-4398 | 2023-11-28 | An integer overflow vulnerability in the source code of the... |
| CVE-2023-5650 | 2023-11-28 | An improper privilege management vulnerability in the ZySH of the... |
| CVE-2023-5797 | 2023-11-28 | An improper privilege management vulnerability in the debug CLI command... |
| CVE-2023-5960 | 2023-11-28 | An improper privilege management vulnerability in the hotspot feature of... |
| CVE-2023-6219 | 2023-11-28 | The BookingPress plugin for WordPress is vulnerable to arbitrary file... |
| CVE-2023-32063 | 2023-11-28 | OroCRMCallBundle has incorrect call view page visibility |
| CVE-2023-32064 | 2023-11-28 | OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility |
| CVE-2023-32065 | 2023-11-28 | OroCommerce get-totals-for-checkout API endpoint returns unwanted data |
| CVE-2023-48713 | 2023-11-28 | Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler |
| CVE-2023-6226 | 2023-11-28 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress... |
| CVE-2023-6225 | 2023-11-28 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress... |
| CVE-2023-49075 | 2023-11-28 | Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls |
| CVE-2023-3368 | 2023-11-28 | Chamilo LMS Unauthenticated Command Injection |
| CVE-2023-3533 | 2023-11-28 | Chamilo LMS Unauthenticated Remote Code Execution via Arbitrary File Write |
| CVE-2023-3545 | 2023-11-28 | Chamilo LMS Htaccess File Upload Security Bypass |
| CVE-2023-4220 | 2023-11-28 | Chamilo LMS Unauthenticated Big Upload File Remote Code Execution |
| CVE-2023-4221 | 2023-11-28 | Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability |
| CVE-2023-4222 | 2023-11-28 | Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability |
| CVE-2023-4223 | 2023-11-28 | Chamilo LMS File Upload Functionality Remote Code Execution |
| CVE-2023-4224 | 2023-11-28 | Chamilo LMS File Upload Functionality Remote Code Execution |
| CVE-2023-4226 | 2023-11-28 | Chamilo LMS File Upload Functionality Remote Code Execution |
| CVE-2023-4225 | 2023-11-28 | Chamilo LMS File Upload Functionality Remote Code Execution |
| CVE-2023-4667 | 2023-11-28 | Stored Cross Site Scripting in webserver administration |
| CVE-2023-34053 | 2023-11-28 | Spring Framework server Web Observations DoS Vulnerability |
| CVE-2023-34054 | 2023-11-28 | Reactor Netty HTTP Server Metrics DoS Vulnerability |
| CVE-2023-34055 | 2023-11-28 | Spring Boot server Web Observations DoS Vulnerability |
| CVE-2023-6150 | 2023-11-28 | Information Disclosure in Eskom E-municipality |
| CVE-2023-6151 | 2023-11-28 | Information Disclosure in Eskom E-municipality |
| CVE-2023-42004 | 2023-11-28 | IBM Security Guardium CSV injection |
| CVE-2023-6201 | 2023-11-28 | Command Injection in Univera Panorama Framework |
| CVE-2023-5981 | 2023-11-28 | Gnutls: timing side-channel in the rsa-psk authentication |
| CVE-2023-6359 | 2023-11-28 | Cross-Site Scripting in Alumne LMS |
| CVE-2023-6239 | 2023-11-28 | Incorrect calculation of effective permissions |
| CVE-2022-41678 | 2023-11-28 | Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE |
| CVE-2023-46589 | 2023-11-28 | Apache Tomcat: HTTP request smuggling via malformed trailer headers |
| CVE-2023-49062 | 2023-11-28 | Katran could disclose non-initialized kernel memory as part of an... |
| CVE-2023-42502 | 2023-11-28 | Apache Superset: Open Redirect Vulnerability |
| CVE-2023-42505 | 2023-11-28 | Apache Superset: Sensitive information disclosure on db connection details |
| CVE-2023-45286 | 2023-11-28 | HTTP request body disclosure in github.com/go-resty/resty/v2 |
| CVE-2023-40056 | 2023-11-28 | SolarWinds Platform SQL Injection Remote Code Execution Vulnerability |
| CVE-2023-42504 | 2023-11-28 | Apache Superset: Lack of rate limiting allows for possible denial of service |
| CVE-2023-49078 | 2023-11-28 | Cross-Site Scripting vulnerability in raptor-web 0.4.4 |
| CVE-2023-30588 | 2023-11-28 | When an invalid public key is used to create an... |
| CVE-2023-30590 | 2023-11-28 | The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing... |
| CVE-2023-29060 | 2023-11-28 | Lack of USB Whitelisting |
| CVE-2023-29061 | 2023-11-28 | Lack of Adequate BIOS Authentication |
| CVE-2023-29062 | 2023-11-28 | Unsecure Identity Verification |
| CVE-2023-29063 | 2023-11-28 | Lack of DMA Access Protections |
| CVE-2023-29064 | 2023-11-28 | Hardcoded Secrets |
| CVE-2023-29065 | 2023-11-28 | Overly Permissive Access Policy |
| CVE-2023-29066 | 2023-11-28 | Incorrect User Management |
| CVE-2023-49092 | 2023-11-28 | RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels |
| CVE-2023-23324 | 2023-11-29 | Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered... |
| CVE-2023-23325 | 2023-11-29 | Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered... |
| CVE-2023-24294 | 2023-11-29 | Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered... |
| CVE-2023-45479 | 2023-11-29 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack... |
| CVE-2023-45480 | 2023-11-29 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack... |
| CVE-2023-45482 | 2023-11-29 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack... |
| CVE-2023-45483 | 2023-11-29 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack... |
| CVE-2023-45484 | 2023-11-29 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack... |
| CVE-2023-46886 | 2023-11-29 | Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal.... |
| CVE-2023-46887 | 2023-11-29 | In Dreamer CMS before 4.0.1, the backend attachment management office... |
| CVE-2023-47462 | 2023-11-29 | Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows... |
| CVE-2023-48880 | 2023-11-29 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows... |
| CVE-2023-48881 | 2023-11-29 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows... |
| CVE-2023-48882 | 2023-11-29 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows... |
| CVE-2023-48945 | 2023-11-29 | A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to... |
| CVE-2023-48946 | 2023-11-29 | An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11... |
| CVE-2023-48947 | 2023-11-29 | An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11... |
| CVE-2023-48948 | 2023-11-29 | An issue in the box_div function in openlink virtuoso-opensource v7.2.11... |