CVE List - 2023 / December
Showing 1 - 100 of 2673 CVEs for December 2023 (Page 1 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-43454 | 2023-12-01 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. |
| CVE-2023-43455 | 2023-12-01 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. |
| CVE-2023-45252 | 2023-12-01 | DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users,... |
| CVE-2023-45253 | 2023-12-01 | An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library. |
| CVE-2023-48016 | 2023-12-01 | Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. |
| CVE-2023-48801 | 2023-12-01 | In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a... |
| CVE-2023-48813 | 2023-12-01 | Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. |
| CVE-2023-48886 | 2023-12-01 | A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request. |
| CVE-2023-48887 | 2023-12-01 | A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. |
| CVE-2023-48893 | 2023-12-01 | SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. |
| CVE-2023-49371 | 2023-12-01 | RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. |
| CVE-2023-48842 | 2023-12-01 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. |
| CVE-2023-43089 | 2023-12-01 | Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of... |
| CVE-2023-5915 | 2023-12-01 | A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to... |
| CVE-2023-5995 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-6033 | 2023-12-01 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2023-5226 | 2023-12-01 | Improper Control of Generation of Code ('Code Injection') in GitLab |
| CVE-2023-4912 | 2023-12-01 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2023-4658 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-4317 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-3949 | 2023-12-01 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-3964 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-3443 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-5427 | 2023-12-01 | Mali GPU Kernel Driver allows improper GPU processing operations |
| CVE-2023-6449 | 2023-12-01 | The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function... |
| CVE-2023-5634 | 2023-12-01 | SQLi in ArslanSoft's Education Portal |
| CVE-2023-5635 | 2023-12-01 | User Enumeration in ArslanSoft's Education Portal |
| CVE-2023-6461 | 2023-12-01 | Cross-site Scripting (XSS) - Reflected in viliusle/minipaint |
| CVE-2023-5637 | 2023-12-01 | Plaintext Storage of a Password in ArslanSoft's Education Portal |
| CVE-2023-5636 | 2023-12-01 | Malicious File Upload in ArslanSoft's Education Portal |
| CVE-2023-28895 | 2023-12-01 | Hard-coded password for access to power controller chip memory |
| CVE-2023-28896 | 2023-12-01 | Weak encoding for password in UDS services |
| CVE-2023-45168 | 2023-12-01 | IBM AIX command execution |
| CVE-2023-4518 | 2023-12-01 | A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order... |
| CVE-2023-42006 | 2023-12-01 | IBM i information disclosure |
| CVE-2023-26024 | 2023-12-01 | IBM Planning Analytics on Cloud Pak for Data information disclosure |
| CVE-2023-38268 | 2023-12-01 | IBM InfoSphere Information Server cross-site request forgery |
| CVE-2023-43015 | 2023-12-01 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-49277 | 2023-12-01 | Reflected Cross-site Scripting Vulnerability in dpaste |
| CVE-2023-42009 | 2023-12-01 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-43021 | 2023-12-01 | IBM InfoSphere Information Server information disclosure |
| CVE-2023-42022 | 2023-12-01 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-40699 | 2023-12-01 | IBM InfoSphere Information Server denial of service |
| CVE-2023-42019 | 2023-12-01 | IBM InfoSphere Information Server information disclosure |
| CVE-2023-46174 | 2023-12-01 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-6462 | 2023-12-01 | SourceCodester User Registration and Login System delete-user.php cross site scripting |
| CVE-2023-44402 | 2023-12-01 | ASAR Integrity bypass via filetype confusion in electron |
| CVE-2023-44382 | 2023-12-01 | October CMS safe mode bypass using Twig sandbox escape |
| CVE-2023-44381 | 2023-12-01 | October CMS safe mode bypass using Page template injection |
| CVE-2023-46746 | 2023-12-01 | Authenticated PostHog users vulnerable to SSRF |
| CVE-2023-48314 | 2023-12-01 | Unescaped passing of the request URL in Collabora Online |
| CVE-2023-49276 | 2023-12-01 | Attribute Injection leading to XSS(Cross-Site-Scripting) in uptime-kuma |
| CVE-2023-49281 | 2023-12-01 | Open Redirect in Login Function of Calendarinho |
| CVE-2023-6463 | 2023-12-01 | SourceCodester User Registration and Login System add-user.php cross site scripting |
| CVE-2023-49914 | 2023-12-02 | InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that... |
| CVE-2023-39256 | 2023-12-02 | Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an... |
| CVE-2023-39257 | 2023-12-02 | Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an... |
| CVE-2023-6464 | 2023-12-02 | SourceCodester User Registration and Login System add-user.php sql injection |
| CVE-2023-6465 | 2023-12-02 | PHPGurukul Nipah Virus Testing Management System registered-user-testing.php cross site scripting |
| CVE-2023-6466 | 2023-12-02 | Thecosy IceCMS User Comment planet cross site scripting |
| CVE-2023-6467 | 2023-12-02 | Thecosy IceCMS Comment Like improper enforcement of a single, unique action |
| CVE-2023-6472 | 2023-12-02 | PHPEMS Content Section api.cls.php cross site scripting |
| CVE-2023-6473 | 2023-12-02 | SourceCodester Online Quiz System take-quiz.php cross site scripting |
| CVE-2023-6474 | 2023-12-02 | PHPGurukul Nipah Virus Testing Management System manage-phlebotomist.php cross-site request forgery |
| CVE-2023-49926 | 2023-12-03 | app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget. |
| CVE-2023-49946 | 2023-12-03 | In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues,... |
| CVE-2023-49947 | 2023-12-03 | Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication. |
| CVE-2023-49948 | 2023-12-03 | Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL. |
| CVE-2018-25094 | 2023-12-03 | ระบบบัญชีออนไลน์ Online Accounting System image.php path traversal |
| CVE-2020-36768 | 2023-12-03 | rl-institut NESP2 database.py sql injection |
| CVE-2023-45178 | 2023-12-03 | IBM Db2 denial of service |
| CVE-2022-4957 | 2023-12-03 | librespeed speedtest stats.php cross site scripting |
| CVE-2023-40692 | 2023-12-03 | IBM Db2 denial of service |
| CVE-2022-46480 | 2023-12-04 | Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and... |
| CVE-2023-24046 | 2023-12-04 | An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility. |
| CVE-2023-24047 | 2023-12-04 | An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm. |
| CVE-2023-24048 | 2023-12-04 | Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm. |
| CVE-2023-24050 | 2023-12-04 | Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary code via crafted string when setting the Wi-Fi password in the admin panel. |
| CVE-2023-24051 | 2023-12-04 | A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks. |
| CVE-2023-24052 | 2023-12-04 | An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password. |
| CVE-2023-26941 | 2023-12-04 | Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original. |
| CVE-2023-26942 | 2023-12-04 | Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original. |
| CVE-2023-26943 | 2023-12-04 | Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original. |
| CVE-2023-41613 | 2023-12-04 | EzViz Studio v2.2.0 is vulnerable to DLL hijacking. |
| CVE-2023-48799 | 2023-12-04 | TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution. |
| CVE-2023-48800 | 2023-12-04 | In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a... |
| CVE-2023-48815 | 2023-12-04 | kkFileView v4.3.0 is vulnerable to Incorrect Access Control. |
| CVE-2023-48910 | 2023-12-04 | Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information... |
| CVE-2023-48965 | 2023-12-04 | An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. |
| CVE-2023-48966 | 2023-12-04 | An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. |
| CVE-2023-48967 | 2023-12-04 | Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data. |
| CVE-2023-24049 | 2023-12-04 | An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. |
| CVE-2023-48863 | 2023-12-04 | SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL... |
| CVE-2023-48866 | 2023-12-04 | A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies. |
| CVE-2023-46167 | 2023-12-04 | IBM Db2 denial of service |
| CVE-2023-38003 | 2023-12-04 | IBM Db2 command execution |
| CVE-2023-47701 | 2023-12-04 | IBM Db2 denial of service |
| CVE-2023-42671 | 2023-12-04 | In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no... |
| CVE-2023-42672 | 2023-12-04 | In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no... |
| CVE-2023-42673 | 2023-12-04 | In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no... |