CVE List - 2023 / December
Showing 1001 - 1100 of 2673 CVEs for December 2023 (Page 11 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-47321 | 2023-12-13 | Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets. |
| CVE-2023-47322 | 2023-12-13 | The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated... |
| CVE-2023-47323 | 2023-12-13 | The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those... |
| CVE-2023-47324 | 2023-12-13 | Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature. |
| CVE-2023-47326 | 2023-12-13 | Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. |
| CVE-2023-47327 | 2023-12-13 | The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space... |
| CVE-2023-47573 | 2023-12-13 | An issue was discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions. |
| CVE-2023-47574 | 2023-12-13 | An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. There is a Weak SMB configuration with signing disabled. |
| CVE-2023-47575 | 2023-12-13 | An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. The web interfaces of the Relyum devices are susceptible to reflected XSS. |
| CVE-2023-47576 | 2023-12-13 | An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface. |
| CVE-2023-47577 | 2023-12-13 | An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password. |
| CVE-2023-47578 | 2023-12-13 | Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface. |
| CVE-2023-47579 | 2023-12-13 | Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system. |
| CVE-2023-49363 | 2023-12-13 | Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php. |
| CVE-2023-50439 | 2023-12-13 | ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL... |
| CVE-2023-50441 | 2023-12-13 | Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC... |
| CVE-2023-50442 | 2023-12-13 | Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification... |
| CVE-2023-50443 | 2023-12-13 | Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC... |
| CVE-2023-50444 | 2023-12-13 | By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification... |
| CVE-2023-34194 | 2023-12-13 | StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace. |
| CVE-2023-45864 | 2023-12-13 | A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas. |
| CVE-2023-47320 | 2023-12-13 | Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to... |
| CVE-2023-47325 | 2023-12-13 | Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The... |
| CVE-2023-50440 | 2023-12-13 | ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL... |
| CVE-2023-6753 | 2023-12-13 | Path Traversal in mlflow/mlflow |
| CVE-2023-45800 | 2023-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation. This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1. |
| CVE-2023-45801 | 2023-12-13 | Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation. This issue affects DVR: from 3.0.0 before 9.9.0. |
| CVE-2023-6377 | 2023-12-13 | Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions |
| CVE-2023-6478 | 2023-12-13 | Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty |
| CVE-2023-48782 | 2023-12-13 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via... |
| CVE-2022-27488 | 2023-12-13 | A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through... |
| CVE-2023-45587 | 2023-12-13 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4... |
| CVE-2023-46713 | 2023-12-13 | An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic... |
| CVE-2023-41844 | 2023-12-13 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4... |
| CVE-2023-36639 | 2023-12-13 | A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through... |
| CVE-2023-41673 | 2023-12-13 | An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or... |
| CVE-2023-40716 | 2023-12-13 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute... |
| CVE-2023-41678 | 2023-12-13 | A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request. |
| CVE-2023-48791 | 2023-12-13 | An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at... |
| CVE-2023-46671 | 2023-12-13 | Kibana Insertion of Sensitive Information into Log File |
| CVE-2023-46675 | 2023-12-13 | Kibana Insertion of Sensitive Information into Log File |
| CVE-2023-45725 | 2023-12-13 | Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents |
| CVE-2023-47536 | 2023-12-13 | An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12... |
| CVE-2023-6534 | 2023-12-13 | TCP spoofing vulnerability in pf(4) |
| CVE-2022-22942 | 2023-12-13 | The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. |
| CVE-2023-6660 | 2023-12-13 | NFS client data corruption and kernel memory disclosure |
| CVE-2023-31210 | 2023-12-13 | Privilege escalation in agent via LD_LIBRARY_PATH |
| CVE-2023-44252 | 2023-12-13 | ** UNSUPPORTED WHEN ASSIGNED ** An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate his privileges... |
| CVE-2023-44251 | 2023-12-13 | ** UNSUPPORTED WHEN ASSIGNED ** An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2... |
| CVE-2023-6718 | 2023-12-13 | Authentication Bypass Using an Alternate Path or Channel in Repox |
| CVE-2023-6719 | 2023-12-13 | Cross-site Scripting in Repox |
| CVE-2023-47075 | 2023-12-13 | ZDI-CAN-22006: Adobe Illustrator JP2 File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2023-47074 | 2023-12-13 | ZDI-CAN-21812: Adobe Illustrator JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2023-47063 | 2023-12-13 | Adobe Illustrator 2023 CC 27.7 Memory Corruption Out-Of-Bounds-Write Vulnerability IV. |
| CVE-2023-47077 | 2023-12-13 | Adobe InDesign CC 2023 Memory Corruption Vulnerability VI. |
| CVE-2023-47076 | 2023-12-13 | Adobe InDesign CC 2023 Memory Corruption Vulnerability IV. |
| CVE-2023-6720 | 2023-12-13 | Cross-site Scripting in Repox |
| CVE-2023-6721 | 2023-12-13 | Improper Restriction of XML External Entity Reference in Repox |
| CVE-2023-6722 | 2023-12-13 | Relative Path Traversal in Repox |
| CVE-2023-6723 | 2023-12-13 | Unrestricted Upload of File with Dangerous Type in Repox |
| CVE-2023-6381 | 2023-12-13 | Improper input validation in Newsletter Software SuperMailer |
| CVE-2023-6379 | 2023-12-13 | Cross-site Scripting in Alkacon Software OpenCms |
| CVE-2023-6380 | 2023-12-13 | Open Redirect in Alkacon Software OpenCms |
| CVE-2023-44362 | 2023-12-13 | ZDI-CAN-21791: Adobe Prelude MP4 File Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2023-42495 | 2023-12-13 | Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CVE-2023-6755 | 2023-12-13 | DedeBIZ content_batchup_action.php sql injection |
| CVE-2023-47078 | 2023-12-13 | ZDI-CAN-22249: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-47062 | 2023-12-13 | ZDI-CAN-22284: Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-47061 | 2023-12-13 | ZDI-CAN-22278: Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-47079 | 2023-12-13 | ZDI-CAN-22279: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-47081 | 2023-12-13 | Adobe Substance 3D Stager v2.1.1 Vulnerability II |
| CVE-2023-47080 | 2023-12-13 | Adobe Substance 3D Stager v2.1.1 Vulnerability VI |
| CVE-2023-48626 | 2023-12-13 | Adobe Substance 3D Sampler v4.2.1Build3527 OOBW Vulnerability V |
| CVE-2023-48629 | 2023-12-13 | Adobe Substance 3D Sampler v4.2.1Build3527 OOBW Vulnerability II |
| CVE-2023-48630 | 2023-12-13 | Adobe Substance 3D Sampler v4.2.1Build3527 OOBW Vulnerability I |
| CVE-2023-48628 | 2023-12-13 | Adobe Substance 3D Sampler v4.2.1Build3527 OOBW Vulnerability III |
| CVE-2023-48627 | 2023-12-13 | Adobe Substance 3D Sampler v4.2.1Build3527 OOBW Vulnerability IV |
| CVE-2023-48625 | 2023-12-13 | Adobe Substance 3D Sampler v4.2.1Build3527 OOBW Vulnerability VI |
| CVE-2023-48632 | 2023-12-13 | ZDI-CAN-22172: Adobe After Effects AEP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-48635 | 2023-12-13 | ZDI-CAN-22174: Adobe After Effects AEP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-48634 | 2023-12-13 | ZDI-CAN-22175: Adobe After Effects AEP File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2023-48633 | 2023-12-13 | ZDI-CAN-22173: Adobe After Effects AEP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2023-6756 | 2023-12-13 | Thecosy IceCMS Captcha login excessive authentication |
| CVE-2023-48636 | 2023-12-13 | Adobe Substance 3D Designer 13.0.2 build 6942 Vulnerability IV |
| CVE-2023-48637 | 2023-12-13 | Adobe Substance 3D Designer 13.0.2 build 6942 Vulnerability II |
| CVE-2023-48639 | 2023-12-13 | Adobe Substance 3D Designer 13.0.2 build 6942 Vulnerability I |
| CVE-2023-48638 | 2023-12-13 | Adobe Substance 3D Designer 13.0.2 build 6942 Vulnerability III |
| CVE-2023-6757 | 2023-12-13 | Thecosy IceCMS API PlanetUser information disclosure |
| CVE-2023-6758 | 2023-12-13 | Thecosy IceCMS API PlanetCommentList access control |
| CVE-2023-6759 | 2023-12-13 | Thecosy IceCMS Love resource improper enforcement of a single, unique action |
| CVE-2023-6760 | 2023-12-13 | Thecosy IceCMS user session |
| CVE-2023-6761 | 2023-12-13 | Thecosy IceCMS User Data access control |
| CVE-2023-6762 | 2023-12-13 | Thecosy IceCMS Article permission |
| CVE-2023-50764 | 2023-12-13 | Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins... |
| CVE-2023-50765 | 2023-12-13 | A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID. |
| CVE-2023-50766 | 2023-12-13 | A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as... |
| CVE-2023-50767 | 2023-12-13 | Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as... |
| CVE-2023-50768 | 2023-12-13 | A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another... |
| CVE-2023-50769 | 2023-12-13 | Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another... |
| CVE-2023-50770 | 2023-12-13 | Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to... |