CVE List - 2023 / December
Showing 1601 - 1700 of 2673 CVEs for December 2023 (Page 17 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-24351 | 2023-12-16 | TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an... |
| CVE-2023-50784 | 2023-12-16 | A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port... |
| CVE-2023-39340 | 2023-12-16 | A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the... |
| CVE-2023-6848 | 2023-12-16 | kalcaddle kodbox index.class.php check command injection |
| CVE-2023-6849 | 2023-12-16 | kalcaddle kodbox app.php cover server-side request forgery |
| CVE-2023-6850 | 2023-12-16 | kalcaddle KodExplorer API Endpoint unrestricted upload |
| CVE-2023-6889 | 2023-12-16 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-6890 | 2023-12-16 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-6851 | 2023-12-16 | kalcaddle KodExplorer ZIP Archive app.php unzipList code injection |
| CVE-2023-6852 | 2023-12-16 | kalcaddle KodExplorer app.php server-side request forgery |
| CVE-2023-6853 | 2023-12-16 | kalcaddle KodExplorer app.php index server-side request forgery |
| CVE-2023-6559 | 2023-12-16 | The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating... |
| CVE-2023-6885 | 2023-12-16 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-50965 | 2023-12-17 | In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI. |
| CVE-2023-50976 | 2023-12-17 | Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. |
| CVE-2023-6886 | 2023-12-17 | xnx3 wangmarket Role Management Page code injection |
| CVE-2023-6887 | 2023-12-17 | saysky ForestBlog Image Upload img unrestricted upload |
| CVE-2023-6888 | 2023-12-17 | PHZ76 RtspServer RtspMesaage.cpp ParseRequestLine stack-based overflow |
| CVE-2023-6891 | 2023-12-17 | PeaZip Library dragdropfilesdll.dll uncontrolled search path |
| CVE-2023-6893 | 2023-12-17 | Hikvision Intercom Broadcasting System exportrecord.php path traversal |
| CVE-2023-6894 | 2023-12-17 | Hikvision Intercom Broadcasting System Log File system.html information disclosure |
| CVE-2023-6895 | 2023-12-17 | Hikvision Intercom Broadcasting System ping.php os command injection |
| CVE-2023-24380 | 2023-12-17 | WordPress Simple Wp Sitemap Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49751 | 2023-12-17 | WordPress Block for Font Awesome Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49769 | 2023-12-17 | WordPress Integrate Google Drive Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6896 | 2023-12-17 | SourceCodester Simple Image Stack Website cross site scripting |
| CVE-2023-49775 | 2023-12-17 | WordPress CSV Importer Plugin <= 0.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49816 | 2023-12-17 | WordPress Fix My Feed RSS Repair Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6898 | 2023-12-17 | SourceCodester Best Courier Management System manage_user.php sql injection |
| CVE-2023-49824 | 2023-12-17 | WordPress Product Catalog Feed by PixelYourSite Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49834 | 2023-12-17 | WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6899 | 2023-12-17 | rmountjoy92 DashMachine Config save_config code injection |
| CVE-2023-6900 | 2023-12-17 | rmountjoy92 DashMachine delete_file path traversal |
| CVE-2023-6901 | 2023-12-17 | codelyfe Stupid Simple CMS HTTP POST Request handle-command.php os command injection |
| CVE-2023-50271 | 2023-12-17 | HP-UX System Management Homepage, Disclosure of Information |
| CVE-2023-6902 | 2023-12-17 | codelyfe Stupid Simple CMS upload.php unrestricted upload |
| CVE-2023-6903 | 2023-12-17 | Netentsec NS-ASG Application Security Gateway sql injection |
| CVE-2023-6904 | 2023-12-17 | Jahastech NxFilter config,admin.jsp cross-site request forgery |
| CVE-2023-3907 | 2023-12-17 | Improper User Management in GitLab |
| CVE-2023-6905 | 2023-12-17 | Jahastech NxFilter Bind Request ldap injection |
| CVE-2023-50979 | 2023-12-18 | Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding. |
| CVE-2023-50980 | 2023-12-18 | gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each... |
| CVE-2023-51384 | 2023-12-18 | In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to... |
| CVE-2023-48795 | 2023-12-18 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from... |
| CVE-2023-50981 | 2023-12-18 | ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the... |
| CVE-2023-51385 | 2023-12-18 | In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token... |
| CVE-2023-6906 | 2023-12-18 | Totolink A7100RU HTTP POST Request main buffer overflow |
| CVE-2023-6909 | 2023-12-18 | Path Traversal: '\..\filename' in mlflow/mlflow |
| CVE-2023-6907 | 2023-12-18 | codelyfe Stupid Simple CMS Deletion Interface delete.php improper authentication |
| CVE-2023-6908 | 2023-12-18 | DFIRKuiper TAR Archive case_management.py unzip_file path traversal |
| CVE-2023-6483 | 2023-12-18 | Improper Authentication Vulnerability in ADiTaaS |
| CVE-2023-41314 | 2023-12-18 | Apache Doris: Missing API authentication allowed DoS |
| CVE-2023-6911 | 2023-12-18 | Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious... |
| CVE-2023-32725 | 2023-12-18 | Leak of zbx_session cookie when using a scheduled report that includes a dashboard with a URL widget. |
| CVE-2023-32726 | 2023-12-18 | Possible buffer overread from reading DNS responses |
| CVE-2023-32727 | 2023-12-18 | Code execution vulnerability in icmpping |
| CVE-2023-32728 | 2023-12-18 | Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin |
| CVE-2023-50372 | 2023-12-18 | WordPress Custom Post Type Page Template Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49855 | 2023-12-18 | WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin <= 1.49.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49854 | 2023-12-18 | WordPress Caddy Plugin <= 1.9.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28053 | 2023-12-18 | Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to... |
| CVE-2023-39509 | 2023-12-18 | A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. |
| CVE-2023-32230 | 2023-12-18 | An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. |
| CVE-2023-35867 | 2023-12-18 | An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.... |
| CVE-2022-41677 | 2023-12-18 | An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device,... |
| CVE-2023-3430 | 2023-12-18 | Openimageio: heap-buffer-overflow in file src/gif.imageio/gifinput.cpp |
| CVE-2023-47038 | 2023-12-18 | Perl: write past buffer end via illegal user-defined unicode property |
| CVE-2023-4320 | 2023-12-18 | Satellite: arithmetic overflow in satellite |
| CVE-2023-3628 | 2023-12-18 | Infispan: rest bulk ops don't check permissions |
| CVE-2023-3629 | 2023-12-18 | Infinispan: non-admins should not be able to get cache config via rest api |
| CVE-2023-5115 | 2023-12-18 | Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files |
| CVE-2023-5056 | 2023-12-18 | Skupper-operator: privelege escalation via config map |
| CVE-2023-5236 | 2023-12-18 | Infinispan: circular reference on marshalling leads to dos |
| CVE-2023-5384 | 2023-12-18 | Infinispan: credentials returned from configuration as clear text |
| CVE-2023-6228 | 2023-12-18 | Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c |
| CVE-2023-46177 | 2023-12-18 | IBM MQ Appliance information disclosure |
| CVE-2023-49853 | 2023-12-18 | WordPress PayTR Taksit Tablosu Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6817 | 2023-12-18 | Use-after-free in Linux kernel's netfilter: nf_tables component |
| CVE-2023-49844 | 2023-12-18 | WordPress WPPerformanceTester Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49843 | 2023-12-18 | WordPress First Order Discount Woocommerce Plugin <= 1.21 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-49840 | 2023-12-18 | WordPress Multi Currency For WooCommerce Plugin <= 1.5.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6778 | 2023-12-18 | Cross-site Scripting (XSS) - Stored in allegroai/clearml-server |
| CVE-2022-40312 | 2023-12-18 | WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Server Side Request Forgery (SSRF) |
| CVE-2023-47787 | 2023-12-18 | WordPress WooCommerce Bookings Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47789 | 2023-12-18 | WordPress WooCommerce Canada Post Shipping Plugin <= 2.8.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47806 | 2023-12-18 | WordPress Disable User Login Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33214 | 2023-12-18 | WordPress Taggbox Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48755 | 2023-12-18 | WordPress teachPress Plugin <= 9.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48762 | 2023-12-18 | WordPress JetElements For Elementor Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46617 | 2023-12-18 | WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt Plugin <= 1.8.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48766 | 2023-12-18 | WordPress SVGator – Add Animated SVG Easily Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6691 | 2023-12-18 | Code Injection vulnerability in Cambium ePMP Force 300-25 |
| CVE-2023-47741 | 2023-12-18 | IBM i information disclosure |
| CVE-2023-6203 | 2023-12-18 | The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read |
| CVE-2023-6222 | 2023-12-18 | Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal |
| CVE-2023-5005 | 2023-12-18 | Autocomplete Location field Contact Form 7 < 3.0 - Admin+ Store Cross-Site Scripting |
| CVE-2023-6272 | 2023-12-18 | Theme My Login 2FA < 1.2 - Lack of Rate Limiting |
| CVE-2023-6065 | 2023-12-18 | Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure |
| CVE-2023-5886 | 2023-12-18 | WP All Export (Free < 1.4.1, Pro < 1.8.6) - Author+ PHAR Deserialization via CSRF |
| CVE-2023-4311 | 2023-12-18 | Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE |