CVE List - 2023 / December

Showing 1301 - 1400 of 2673 CVEs for December 2023 (Page 14 of 27)

CVE ID Date Title
CVE-2023-6703 2023-12-14 Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6704 2023-12-14 Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)
CVE-2023-6705 2023-12-14 Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6706 2023-12-14 Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption...
CVE-2023-6707 2023-12-14 Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-4489 2023-12-14 Z/IP Gateway Use of Uninitialized PRNG when Generating S0 Encryption Key
CVE-2023-40954 2023-12-15 A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0...
CVE-2023-42183 2023-12-15 lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.
CVE-2023-48050 2023-12-15 SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and...
CVE-2023-50089 2023-12-15 A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.
CVE-2023-50469 2023-12-15 Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi.
CVE-2023-50917 2023-12-15 MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.
CVE-2023-50918 2023-12-15 app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
CVE-2023-6831 2023-12-15 Path Traversal: '\..\filename' in mlflow/mlflow
CVE-2023-6832 2023-12-15 Business Logic Errors in microweber/microweber
CVE-2023-36878 2023-12-15 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-50715 2023-12-15 User accounts disclosed to unauthenticated actors on the LAN
CVE-2023-48371 2023-12-15 ITPison OMICARD EDM's SMS - Arbitrary File Upload
CVE-2023-48372 2023-12-15 ITPison OMICARD EDM's SMS - SQL Injection
CVE-2023-48373 2023-12-15 ITPison OMICARD EDM's SMS - Path Traversal
CVE-2023-6826 2023-12-15 The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes...
CVE-2023-6827 2023-12-15 The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5....
CVE-2023-48374 2023-12-15 SmartStar Software CWS Web-Base - Use of Hard-coded Credentials
CVE-2023-48375 2023-12-15 SmartStar Software CWS Web-Base - Broken Access Control
CVE-2023-48376 2023-12-15 SmartStar Software CWS Web-Base - Arbitrary File Upload
CVE-2023-48378 2023-12-15 Softnext Mail SQR Expert - Path Traversal
CVE-2023-48379 2023-12-15 Softnext Mail SQR Expert - Blind Server-Side Request Forgery (SSRF)
CVE-2023-48380 2023-12-15 Softnext Mail SQR Expert - Command Injection
CVE-2023-29234 2023-12-15 Bypass serialize checks in Apache Dubbo
CVE-2023-46279 2023-12-15 Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
CVE-2023-48381 2023-12-15 Softnext Mail SQR Expert - Local File Inclusion-1
CVE-2023-48382 2023-12-15 Softnext Mail SQR Expert - Local File Inclusion-2
CVE-2023-48384 2023-12-15 ArmorX Global Technology Corporation ArmorX Spam - SQL Injection
CVE-2023-48387 2023-12-15 TAIWAN-CA(TWCA) JCICSecurityTool - Improper Input Validation
CVE-2023-48388 2023-12-15 Multisuns EasyLog web+ - Use of Hard-coded Password
CVE-2023-48389 2023-12-15 Multisuns EasyLog web+ - Path Traversal
CVE-2023-48390 2023-12-15 Multisuns EasyLog web+ - Command Injection
CVE-2023-6835 2023-12-15 Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature; API rating could be manipulated.
CVE-2023-48392 2023-12-15 Kaifa Technology WebITR - Hard-coded Cryptographic Key
CVE-2023-48393 2023-12-15 Kaifa Technology WebITR - Error Message Leakage
CVE-2023-48394 2023-12-15 Kaifa Technology WebITR - Arbitrary File Upload
CVE-2023-6836 2023-12-15 Multiple WSO2 products have been identified as vulnerable to an XML External Entity (XXE) attack, which abuses a widely available but rarely used feature of XML parsers to access sensitive...
CVE-2023-48395 2023-12-15 Kaifa Technology WebITR - SQL Injection
CVE-2023-6837 2023-12-15 Incorrect Authorization in Multiple WSO2 Products via Federated Authentication with JIT Provisioning Leading to User Impersonation
CVE-2023-6838 2023-12-15 Reflected XSS vulnerability can be exploited by tampering with a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.
CVE-2023-6839 2023-12-15 Due to improper error handling, a REST API resource could expose a server-side error containing an internal WSO2-specific package name in the HTTP response.
CVE-2023-48485 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48523 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48599 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48615 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48606 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48492 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48582 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48494 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48506 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48502 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48509 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48560 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48487 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48593 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48484 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48504 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48514 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48603 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48594 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48572 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48466 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48511 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48495 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48566 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48600 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48597 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48609 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48577 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48491 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48558 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48610 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48446 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48475 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48573 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48442 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48554 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48545 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48590 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48479 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48602 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48535 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48534 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48548 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48455 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2023-48469 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48529 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48463 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48547 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48569 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48549 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48611 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2023-48507 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48530 2023-12-15 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2023-48450 2023-12-15 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)