CVE List - 2023 / November
Showing 2201 - 2300 of 2443 CVEs for November 2023 (Page 23 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-48949 | 2023-11-29 | An issue in the box_add function in openlink virtuoso-opensource v7.2.11... |
| CVE-2023-48950 | 2023-11-29 | An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11... |
| CVE-2023-48952 | 2023-11-29 | An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11... |
| CVE-2023-45481 | 2023-11-29 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack... |
| CVE-2023-48951 | 2023-11-29 | An issue in the box_equal function in openlink virtuoso-opensource v7.2.11... |
| CVE-2023-6070 | 2023-11-29 | A server-side request forgery vulnerability in ESM prior to version... |
| CVE-2023-6348 | 2023-11-29 | Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199... |
| CVE-2023-6347 | 2023-11-29 | Use after free in Mojo in Google Chrome prior to... |
| CVE-2023-6346 | 2023-11-29 | Use after free in WebAudio in Google Chrome prior to... |
| CVE-2023-6350 | 2023-11-29 | Use after free in libavif in Google Chrome prior to... |
| CVE-2023-6351 | 2023-11-29 | Use after free in libavif in Google Chrome prior to... |
| CVE-2023-6345 | 2023-11-29 | Integer overflow in Skia in Google Chrome prior to 119.0.6045.199... |
| CVE-2023-6378 | 2023-11-29 | Logback "receiver" DOS vulnerability |
| CVE-2023-40626 | 2023-11-29 | [20231101] - Core - Exposure of environment variables |
| CVE-2023-49652 | 2023-11-29 | Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11... |
| CVE-2023-49653 | 2023-11-29 | Jenkins Jira Plugin 3.11 and earlier does not set the... |
| CVE-2023-49654 | 2023-11-29 | Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier... |
| CVE-2023-49655 | 2023-11-29 | A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin... |
| CVE-2023-49656 | 2023-11-29 | Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its... |
| CVE-2023-49673 | 2023-11-29 | A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability... |
| CVE-2023-49674 | 2023-11-29 | A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin... |
| CVE-2023-49090 | 2023-11-29 | CarrierWave has a content-type allowlist bypass vulnerability, possibly leading to XSS |
| CVE-2023-6217 | 2023-11-29 | MOVEit Transfer XSS via MOVEit Gateway |
| CVE-2023-6218 | 2023-11-29 | MOVEit Transfer Group Admin Privilege Escalation |
| CVE-2023-49083 | 2023-11-29 | cryptography vulnerable to NULL-dereference when loading PKCS7 certificates |
| CVE-2023-49079 | 2023-11-29 | Misskey's missing signature validation allows arbitrary users to impersonate any remote user. |
| CVE-2023-49091 | 2023-11-29 | Jwttoken in Cosmos server never expires after password changed and logging out |
| CVE-2023-44383 | 2023-11-29 | October CMS stored XSS by authenticated backend user with improper configuration |
| CVE-2023-49082 | 2023-11-29 | aiohttp's ClientSession is vulnerable to CRLF injection via method |
| CVE-2022-42536 | 2023-11-29 | Remote code execution |
| CVE-2022-42537 | 2023-11-29 | Remote code execution |
| CVE-2022-42538 | 2023-11-29 | Elevation of privilege |
| CVE-2022-42539 | 2023-11-29 | Information disclosure |
| CVE-2022-42540 | 2023-11-29 | Elevation of privilege |
| CVE-2022-42541 | 2023-11-29 | Remote code execution |
| CVE-2023-49693 | 2023-11-29 | NETGEAR ProSAFE Network Management System RCE via Unprotected Access to Java Debug Wire Protocol |
| CVE-2023-49694 | 2023-11-29 | NETGEAR ProSAFE Network Management System Privilege Escalation Via MySQL Server |
| CVE-2023-40458 | 2023-11-29 | AceManager DOS Vulnerability |
| CVE-2021-35975 | 2023-11-30 | Absolute path traversal vulnerability in the Systematica SMTP Adapter component... |
| CVE-2023-46326 | 2023-11-30 | ZStack Cloud version 3.10.38 and before allows unauthenticated API access... |
| CVE-2023-46383 | 2023-11-30 | LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic... |
| CVE-2023-46384 | 2023-11-30 | LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to... |
| CVE-2023-46385 | 2023-11-30 | LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to... |
| CVE-2023-46386 | 2023-11-30 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are... |
| CVE-2023-46387 | 2023-11-30 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are... |
| CVE-2023-46388 | 2023-11-30 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are... |
| CVE-2023-46389 | 2023-11-30 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are... |
| CVE-2023-46956 | 2023-11-30 | SQL injection vulnerability in Packers and Movers Management System v.1.0... |
| CVE-2023-47307 | 2023-11-30 | Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co.,... |
| CVE-2023-47418 | 2023-11-30 | Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and... |
| CVE-2023-47452 | 2023-11-30 | An Untrusted search path vulnerability in notepad++ 6.5 allows local... |
| CVE-2023-47453 | 2023-11-30 | An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0... |
| CVE-2023-47454 | 2023-11-30 | An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for... |
| CVE-2023-47463 | 2023-11-30 | Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0... |
| CVE-2023-47464 | 2023-11-30 | Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0... |
| CVE-2023-48803 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains... |
| CVE-2023-48804 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains... |
| CVE-2023-48805 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains... |
| CVE-2023-48806 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains... |
| CVE-2023-48807 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains... |
| CVE-2023-48808 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains... |
| CVE-2023-48810 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains... |
| CVE-2023-48811 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains... |
| CVE-2023-48812 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains... |
| CVE-2023-48894 | 2023-11-30 | Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to... |
| CVE-2023-48912 | 2023-11-30 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request... |
| CVE-2023-48913 | 2023-11-30 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request... |
| CVE-2023-48914 | 2023-11-30 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request... |
| CVE-2023-48963 | 2023-11-30 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. |
| CVE-2023-48964 | 2023-11-30 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. |
| CVE-2023-49052 | 2023-11-30 | File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker... |
| CVE-2023-48802 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains... |
| CVE-2023-3741 | 2023-11-30 | An OS Command injection vulnerability in NEC Platforms DT900 and... |
| CVE-2023-35137 | 2023-11-30 | An improper authentication vulnerability in the authentication module of the... |
| CVE-2023-35138 | 2023-11-30 | A command injection vulnerability in the “show_zysync_server_contents” function of the... |
| CVE-2023-37927 | 2023-11-30 | The improper neutralization of special elements in the CGI program... |
| CVE-2023-37928 | 2023-11-30 | A post-authentication command injection vulnerability in the WSGI server of... |
| CVE-2023-4473 | 2023-11-30 | A command injection vulnerability in the web server of the... |
| CVE-2023-4474 | 2023-11-30 | The improper neutralization of special elements in the WSGI server... |
| CVE-2023-5772 | 2023-11-30 | The Debug Log Manager plugin for WordPress is vulnerable to... |
| CVE-2023-5247 | 2023-11-30 | Malicious Code Execution Vulnerability due to External Control of File... |
| CVE-2023-49097 | 2023-11-30 | ZITADEL vulnerable account takeover via malicious host header injection |
| CVE-2023-49094 | 2023-11-30 | Symbolicator Server Side Request Forgery vulnerability |
| CVE-2023-49087 | 2023-11-30 | Validation of SignedInfo |
| CVE-2023-49076 | 2023-11-30 | Pimcore missing token/header to prevent CSRF |
| CVE-2023-49081 | 2023-11-30 | aiohttp's ClientSession is vulnerable to CRLF injection via version |
| CVE-2023-49699 | 2023-11-30 | Out-of-bounds access a buffer in IMS |
| CVE-2023-49095 | 2023-11-30 | nexkey allows arbitrary users to impersonate any remote user due to missing signature validation |
| CVE-2023-49700 | 2023-11-30 | Buffer Copy Without Checking size of input in IMS |
| CVE-2023-49077 | 2023-11-30 | mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation |
| CVE-2023-49701 | 2023-11-30 | Out-of-bounds access a buffer in SIM management |
| CVE-2022-45135 | 2023-11-30 | Apache Cocoon: SQL injection in DatabaseCookieAuthenticatorAction |
| CVE-2023-49620 | 2023-11-30 | Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for |
| CVE-2021-36806 | 2023-11-30 | A reflected XSS vulnerability allows an open redirect when the... |
| CVE-2023-48743 | 2023-11-30 | WordPress Simply Exclude Plugin <= 2.0.6.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-48737 | 2023-11-30 | WordPress TriPay Payment Gateway Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-48336 | 2023-11-30 | WordPress Easy Social Icons Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-48329 | 2023-11-30 | WordPress Fast Custom Social Share by CodeBard Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-48326 | 2023-11-30 | WordPress Events Manager Plugin <= 6.4.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-48322 | 2023-11-30 | WordPress eDoc Employee Job Application Plugin <= 1.13 is vulnerable to Cross Site Scripting (XSS) |