CVE List - 2023 / December
Showing 1101 - 1200 of 2673 CVEs for December 2023 (Page 12 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-50771 | 2023-12-13 | Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. |
| CVE-2023-50772 | 2023-12-13 | Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read... |
| CVE-2023-50773 | 2023-12-13 | Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. |
| CVE-2023-50774 | 2023-12-13 | A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system. |
| CVE-2023-50775 | 2023-12-13 | A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs. |
| CVE-2023-50776 | 2023-12-13 | Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read... |
| CVE-2023-50777 | 2023-12-13 | Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. |
| CVE-2023-50778 | 2023-12-13 | A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token. |
| CVE-2023-50779 | 2023-12-13 | Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token. |
| CVE-2023-6765 | 2023-12-13 | SourceCodester Online Tours & Travels Management System email_setup.php prepare sql injection |
| CVE-2023-6766 | 2023-12-13 | PHPGurukul Teacher Subject Allocation Management System Delete Course course.php cross-site request forgery |
| CVE-2023-6767 | 2023-12-13 | SourceCodester Wedding Guest e-Book add-guest.php cross site scripting |
| CVE-2023-6790 | 2023-12-13 | PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface |
| CVE-2023-6792 | 2023-12-13 | PAN-OS: OS Command Injection Vulnerability in the XML API |
| CVE-2023-6794 | 2023-12-13 | PAN-OS: File Upload Vulnerability in the Web Interface |
| CVE-2023-43813 | 2023-12-13 | glpi Authenticated SQL Injection |
| CVE-2023-6795 | 2023-12-13 | PAN-OS: OS Command Injection Vulnerability in the Web Interface |
| CVE-2023-46726 | 2023-12-13 | GLPI Remote code execution from LDAP server configuration form on PHP 7.4 |
| CVE-2023-6789 | 2023-12-13 | PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface |
| CVE-2023-46727 | 2023-12-13 | GLPI SQL injection through inventory agent request |
| CVE-2023-6791 | 2023-12-13 | PAN-OS: Plaintext Disclosure of External System Integration Credentials |
| CVE-2023-6771 | 2023-12-13 | SourceCodester Simple Student Attendance System actions.class.php save_attendance sql injection |
| CVE-2023-6793 | 2023-12-13 | PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator |
| CVE-2023-6772 | 2023-12-13 | OTCMS ind_backstage.php sql injection |
| CVE-2023-6773 | 2023-12-13 | CodeAstro POS and Inventory Management System User Creation register_account access control |
| CVE-2023-46247 | 2023-12-13 | Vyper has incorrect storage layout for contracts containing large arrays |
| CVE-2023-49296 | 2023-12-13 | Arduino Create Agent vulnerable to Reflected Cross-Site Scripting |
| CVE-2023-6774 | 2023-12-13 | CodeAstro POS and Inventory Management System register_account cross site scripting |
| CVE-2023-6775 | 2023-12-13 | CodeAstro POS and Inventory Management System item_con cross site scripting |
| CVE-2023-49877 | 2023-12-13 | IBM System Storage Virtualization Engine information disclosure |
| CVE-2023-49878 | 2023-12-13 | IBM System Storage Virtualization Engine information disclosure |
| CVE-2023-50246 | 2023-12-13 | jq has heap-buffer-overflow vulnerability in the function decToString in decNumber.c |
| CVE-2023-50248 | 2023-12-13 | CKAN out of memory error when submitting the dataset form with a specially-crafted field |
| CVE-2023-50268 | 2023-12-13 | jq has stack-based buffer overflow in decNaNs |
| CVE-2023-50262 | 2023-12-13 | Dompdf possible DoS caused by infinite recursion when parsing SVG images |
| CVE-2023-48702 | 2023-12-13 | Jellyfin Possible Remote Code Execution via custom FFmpeg binary |
| CVE-2023-47619 | 2023-12-13 | Audiobookshelf Server-Side Request Forgery and Arbitrary File Read Vulnerability |
| CVE-2023-47624 | 2023-12-13 | Audiobookshelf Arbitrary File Read Vulnerability |
| CVE-2023-47623 | 2023-12-13 | Scrypted reflected Cross-site Scripting vulnerability |
| CVE-2023-47620 | 2023-12-13 | Scrypted reflected Cross-site Scripting vulnerability |
| CVE-2023-50709 | 2023-12-13 | Denial of service attack on the cube-api endpoint |
| CVE-2023-43583 | 2023-12-13 | Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a... |
| CVE-2023-43585 | 2023-12-13 | Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network... |
| CVE-2023-43586 | 2023-12-13 | Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via... |
| CVE-2023-49646 | 2023-12-13 | Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2023-45166 | 2023-12-13 | IBM AIX privilege escalation |
| CVE-2023-45174 | 2023-12-13 | IBM AIX privilege escalation |
| CVE-2023-45170 | 2023-12-13 | IBM AIX privilege escalation |
| CVE-2023-21751 | 2023-12-13 | Azure DevOps Server Spoofing Vulnerability |
| CVE-2023-31546 | 2023-12-14 | Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature. |
| CVE-2023-44709 | 2023-12-14 | PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory. |
| CVE-2023-45894 | 2023-12-14 | The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk... |
| CVE-2023-46348 | 2023-12-14 | SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods. |
| CVE-2023-47261 | 2023-12-14 | Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled. |
| CVE-2023-48049 | 2023-12-14 | A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via... |
| CVE-2023-48084 | 2023-12-14 | Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. |
| CVE-2023-48925 | 2023-12-14 | SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run(). |
| CVE-2023-50011 | 2023-12-14 | PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field. |
| CVE-2023-50017 | 2023-12-14 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup |
| CVE-2023-50073 | 2023-12-14 | EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php. |
| CVE-2023-50100 | 2023-12-14 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing. |
| CVE-2023-50101 | 2023-12-14 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing. |
| CVE-2023-50102 | 2023-12-14 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-50137 | 2023-12-14 | JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office. |
| CVE-2023-50472 | 2023-12-14 | cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c. |
| CVE-2023-50563 | 2023-12-14 | Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php. |
| CVE-2023-50564 | 2023-12-14 | An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. |
| CVE-2023-50565 | 2023-12-14 | A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-50566 | 2023-12-14 | A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter. |
| CVE-2023-41151 | 2023-12-14 | An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an... |
| CVE-2023-48085 | 2023-12-14 | Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. |
| CVE-2023-49933 | 2023-12-14 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC... |
| CVE-2023-49934 | 2023-12-14 | An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1. |
| CVE-2023-49935 | 2023-12-14 | An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during... |
| CVE-2023-49936 | 2023-12-14 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. |
| CVE-2023-49937 | 2023-12-14 | An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed... |
| CVE-2023-49938 | 2023-12-14 | An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem,... |
| CVE-2023-50471 | 2023-12-14 | cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c. |
| CVE-2022-43843 | 2023-12-14 | IBM Spectrum Scale information disclosure |
| CVE-2023-43042 | 2023-12-14 | IBM Storage Virtualize information disclosure |
| CVE-2023-45184 | 2023-12-14 | IBM i Access Client Solutions |
| CVE-2023-41720 | 2023-12-14 | A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by... |
| CVE-2023-41719 | 2023-12-14 | A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code... |
| CVE-2023-5629 | 2023-12-14 | A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. |
| CVE-2023-5630 | 2023-12-14 | A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware. |
| CVE-2023-6407 | 2023-12-14 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and... |
| CVE-2023-25648 | 2023-12-14 | Weak Folder Permission Vulnerability in ZTE ZXCLOUD iRAI |
| CVE-2023-25650 | 2023-12-14 | Arbitrary File Download Vulnerability in ZTE ZXCLOUD iRAI |
| CVE-2023-25651 | 2023-12-14 | SQL Injection Vulnerability in Some ZTE Mobile Internet Products |
| CVE-2023-25642 | 2023-12-14 | Two Vulnerabilities in Some ZTE Mobile Internet Products |
| CVE-2023-25643 | 2023-12-14 | Two Vulnerabilities in Some ZTE Mobile Internet Products |
| CVE-2023-1904 | 2023-12-14 | In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. |
| CVE-2023-25644 | 2023-12-14 | Denial of Service Vulnerability in Some ZTE Mobile Internet Products |
| CVE-2023-46750 | 2023-12-14 | Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro. |
| CVE-2023-40655 | 2023-12-14 | Extension - mooj.org - Reflected XSS in Proforms Basic component for Joomla <= 1.6.0 |
| CVE-2023-40630 | 2023-12-14 | Extension - joomcode.com - Unauthenticated LFI/SSRF in JCDashboards component for Joomla 1.0.0-1.1.30 |
| CVE-2023-40657 | 2023-12-14 | Extension - artio.net - Reflected XSS in Joomdoc component for Joomla 1.0.0-4.0.5 |
| CVE-2023-49707 | 2023-12-14 | Extension - joomlart.com - SQLi vulnerability in S5 Register module for Joomla 1.0.0-3.0.0 |
| CVE-2023-40656 | 2023-12-14 | Extension - plasma-web.ru - Reflected XSS in Quickform component for Joomla 1.0.0-3.3.01 |
| CVE-2023-49708 | 2023-12-14 | Extension - joomstar.com - SQLi vulnerability in Starshop component for Joomla 1.0.0-1.0.9 |