CVE List - 2023 / November
Showing 2201 - 2300 of 2443 CVEs for November 2023 (Page 23 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-48950 | 2023-11-29 | An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |
| CVE-2023-48952 | 2023-11-29 | An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |
| CVE-2023-45481 | 2023-11-29 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg. |
| CVE-2023-48951 | 2023-11-29 | An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |
| CVE-2023-6070 | 2023-11-29 | A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate... |
| CVE-2023-6348 | 2023-11-29 | Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.... |
| CVE-2023-6347 | 2023-11-29 | Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-6346 | 2023-11-29 | Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-6350 | 2023-11-29 | Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) |
| CVE-2023-6351 | 2023-11-29 | Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) |
| CVE-2023-6345 | 2023-11-29 | Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file.... |
| CVE-2023-6378 | 2023-11-29 | Logback "receiver" DOS vulnerability |
| CVE-2023-40626 | 2023-11-29 | [20231101] - Core - Exposure of environment variables |
| CVE-2023-49652 | 2023-11-29 | Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials... |
| CVE-2023-49653 | 2023-11-29 | Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. |
| CVE-2023-49654 | 2023-11-29 | Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system. |
| CVE-2023-49655 | 2023-11-29 | A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system. |
| CVE-2023-49656 | 2023-11-29 | Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2023-49673 | 2023-11-29 | A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. |
| CVE-2023-49674 | 2023-11-29 | A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and... |
| CVE-2023-49090 | 2023-11-29 | CarrierWave has a content-type allowlist bypass vulnerability, possibly leading to XSS |
| CVE-2023-6217 | 2023-11-29 | MOVEit Transfer XSS via MOVEit Gateway |
| CVE-2023-6218 | 2023-11-29 | MOVEit Transfer Group Admin Privilege Escalation |
| CVE-2023-49083 | 2023-11-29 | cryptography vulnerable to NULL-dereference when loading PKCS7 certificates |
| CVE-2023-49079 | 2023-11-29 | Misskey's missing signature validation allows arbitrary users to impersonate any remote user. |
| CVE-2023-49091 | 2023-11-29 | Jwttoken in Cosmos server never expires after password changed and logging out |
| CVE-2023-44383 | 2023-11-29 | October CMS stored XSS by authenticated backend user with improper configuration |
| CVE-2023-49082 | 2023-11-29 | aiohttp's ClientSession is vulnerable to CRLF injection via method |
| CVE-2022-42536 | 2023-11-29 | Remote code execution |
| CVE-2022-42537 | 2023-11-29 | Remote code execution |
| CVE-2022-42538 | 2023-11-29 | Elevation of privilege |
| CVE-2022-42539 | 2023-11-29 | Information disclosure |
| CVE-2022-42540 | 2023-11-29 | Elevation of privilege |
| CVE-2022-42541 | 2023-11-29 | Remote code execution |
| CVE-2023-49693 | 2023-11-29 | NETGEAR ProSAFE Network Management System RCE via Unprotected Access to Java Debug Wire Protocol |
| CVE-2023-49694 | 2023-11-29 | NETGEAR ProSAFE Network Management System Privilege Escalation Via MySQL Server |
| CVE-2023-40458 | 2023-11-29 | AceManager DOS Vulnerability |
| CVE-2021-35975 | 2023-11-30 | Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname... |
| CVE-2023-46326 | 2023-11-30 | ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these. This leads to privilege escalation. |
| CVE-2023-46386 | 2023-11-30 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass... |
| CVE-2023-46387 | 2023-11-30 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device... |
| CVE-2023-46388 | 2023-11-30 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass... |
| CVE-2023-46389 | 2023-11-30 | LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration. |
| CVE-2023-46956 | 2023-11-30 | SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file. |
| CVE-2023-47307 | 2023-11-30 | Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode parameter. |
| CVE-2023-47418 | 2023-11-30 | Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript. |
| CVE-2023-47452 | 2023-11-30 | An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. |
| CVE-2023-47453 | 2023-11-30 | An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. |
| CVE-2023-47454 | 2023-11-30 | An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory. |
| CVE-2023-47463 | 2023-11-30 | Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function. |
| CVE-2023-47464 | 2023-11-30 | Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function. |
| CVE-2023-48803 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution... |
| CVE-2023-48804 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution... |
| CVE-2023-48805 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution... |
| CVE-2023-48806 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution... |
| CVE-2023-48807 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution... |
| CVE-2023-48808 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution... |
| CVE-2023-48810 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution... |
| CVE-2023-48811 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command... |
| CVE-2023-48812 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command... |
| CVE-2023-48894 | 2023-11-30 | Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function. |
| CVE-2023-48912 | 2023-11-30 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit. |
| CVE-2023-48913 | 2023-11-30 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete. |
| CVE-2023-48914 | 2023-11-30 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add. |
| CVE-2023-48963 | 2023-11-30 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. |
| CVE-2023-48964 | 2023-11-30 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. |
| CVE-2023-49052 | 2023-11-30 | File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. |
| CVE-2023-46383 | 2023-11-30 | LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full... |
| CVE-2023-46384 | 2023-11-30 | LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec... |
| CVE-2023-46385 | 2023-11-30 | LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers... |
| CVE-2023-48802 | 2023-11-30 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution... |
| CVE-2023-3741 | 2023-11-30 | An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device. |
| CVE-2023-35137 | 2023-11-30 | An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by... |
| CVE-2023-35138 | 2023-11-30 | A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system... |
| CVE-2023-37927 | 2023-11-30 | The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some... |
| CVE-2023-37928 | 2023-11-30 | A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating... |
| CVE-2023-4473 | 2023-11-30 | A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system... |
| CVE-2023-4474 | 2023-11-30 | The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some... |
| CVE-2023-5772 | 2023-11-30 | The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation... |
| CVE-2023-5247 | 2023-11-30 | Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code... |
| CVE-2023-49097 | 2023-11-30 | ZITADEL vulnerable account takeover via malicious host header injection |
| CVE-2023-49094 | 2023-11-30 | Symbolicator Server Side Request Forgery vulnerability |
| CVE-2023-49087 | 2023-11-30 | Validation of SignedInfo |
| CVE-2023-49076 | 2023-11-30 | Pimcore missing token/header to prevent CSRF |
| CVE-2023-49081 | 2023-11-30 | aiohttp's ClientSession is vulnerable to CRLF injection via version |
| CVE-2023-49699 | 2023-11-30 | Out-of-bounds access a buffer in IMS |
| CVE-2023-49095 | 2023-11-30 | nexkey allows arbitrary users to impersonate any remote user due to missing signature validation |
| CVE-2023-49700 | 2023-11-30 | Buffer Copy Without Checking size of input in IMS |
| CVE-2023-49077 | 2023-11-30 | mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation |
| CVE-2023-49701 | 2023-11-30 | Out-of-bounds access a buffer in SIM management |
| CVE-2022-45135 | 2023-11-30 | Apache Cocoon: SQL injection in DatabaseCookieAuthenticatorAction |
| CVE-2023-49620 | 2023-11-30 | Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for |
| CVE-2021-36806 | 2023-11-30 | A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4. |
| CVE-2023-48743 | 2023-11-30 | WordPress Simply Exclude Plugin <= 2.0.6.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-48737 | 2023-11-30 | WordPress TriPay Payment Gateway Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-48336 | 2023-11-30 | WordPress Easy Social Icons Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-48329 | 2023-11-30 | WordPress Fast Custom Social Share by CodeBard Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-48326 | 2023-11-30 | WordPress Events Manager Plugin <= 6.4.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-48322 | 2023-11-30 | WordPress eDoc Employee Job Application Plugin <= 1.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-48289 | 2023-11-30 | WordPress Import Spreadsheets from Microsoft Excel Plugin <= 10.1.3 is vulnerable to Cross Site Scripting (XSS) |