CVE List - 2023 / December
Showing 801 - 900 of 2673 CVEs for December 2023 (Page 9 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-45292 | 2023-12-11 | Captcha verification bypass in github.com/mojocn/base64Captcha |
| CVE-2023-49804 | 2023-12-11 | Uptime Kuma Password Change Vulnerability |
| CVE-2023-49805 | 2023-12-11 | Uptime Kuma Missing Origin Validation in WebSockets |
| CVE-2023-50245 | 2023-12-11 | OpenEXR-viewer memory overflow vulnerability |
| CVE-2023-49803 | 2023-12-11 | @koa/cors has overly permissive origin policy |
| CVE-2009-4123 | 2023-12-12 | The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. |
| CVE-2013-2513 | 2023-12-12 | The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file. |
| CVE-2015-2179 | 2023-12-12 | The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments. |
| CVE-2020-10676 | 2023-12-12 | In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different... |
| CVE-2020-12612 | 2023-12-12 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and... |
| CVE-2020-12614 | 2023-12-12 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in... |
| CVE-2020-12615 | 2023-12-12 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with... |
| CVE-2020-28369 | 2023-12-12 | In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp. |
| CVE-2022-44543 | 2023-12-12 | The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the... |
| CVE-2023-26920 | 2023-12-12 | fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution. |
| CVE-2023-28604 | 2023-12-12 | The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases. |
| CVE-2023-31048 | 2023-12-12 | The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely. |
| CVE-2023-36647 | 2023-12-12 | A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API... |
| CVE-2023-36648 | 2023-12-12 | Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and... |
| CVE-2023-36649 | 2023-12-12 | Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading... |
| CVE-2023-36650 | 2023-12-12 | A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update... |
| CVE-2023-36651 | 2023-12-12 | Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. |
| CVE-2023-36654 | 2023-12-12 | Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by... |
| CVE-2023-41113 | 2023-12-12 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user... |
| CVE-2023-41114 | 2023-12-12 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions get_url_as_text... |
| CVE-2023-41115 | 2023-12-12 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated... |
| CVE-2023-41116 | 2023-12-12 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user... |
| CVE-2023-41118 | 2023-12-12 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated... |
| CVE-2023-41119 | 2023-12-12 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue... |
| CVE-2023-41120 | 2023-12-12 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user... |
| CVE-2023-41623 | 2023-12-12 | Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. |
| CVE-2023-43364 | 2023-12-12 | main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution. |
| CVE-2023-46454 | 2023-12-12 | In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. |
| CVE-2023-46455 | 2023-12-12 | In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. |
| CVE-2023-46456 | 2023-12-12 | In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. |
| CVE-2023-48641 | 2023-12-12 | Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating... |
| CVE-2023-48642 | 2023-12-12 | Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in... |
| CVE-2023-49563 | 2023-12-12 | Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver. |
| CVE-2015-8314 | 2023-12-12 | The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access. |
| CVE-2018-16153 | 2023-12-12 | An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations. |
| CVE-2023-28465 | 2023-12-12 | The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name... |
| CVE-2023-36652 | 2023-12-12 | A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter. |
| CVE-2023-41117 | 2023-12-12 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages,... |
| CVE-2023-49990 | 2023-12-12 | Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c. |
| CVE-2023-49991 | 2023-12-12 | Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c. |
| CVE-2023-49992 | 2023-12-12 | Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c. |
| CVE-2023-49993 | 2023-12-12 | Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c. |
| CVE-2023-49994 | 2023-12-12 | Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c. |
| CVE-2023-50495 | 2023-12-12 | NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). |
| CVE-2023-42914 | 2023-12-12 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3... |
| CVE-2023-42902 | 2023-12-12 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or... |
| CVE-2023-42884 | 2023-12-12 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3... |
| CVE-2023-42922 | 2023-12-12 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS... |
| CVE-2023-42923 | 2023-12-12 | This issue was addressed through improved state management. This issue is fixed in iOS 17.2 and iPadOS 17.2. Private Browsing tabs may be accessed without authentication. |
| CVE-2023-42919 | 2023-12-12 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura... |
| CVE-2023-42903 | 2023-12-12 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or... |
| CVE-2023-42908 | 2023-12-12 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or... |
| CVE-2023-42924 | 2023-12-12 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3. An app may be able to access sensitive user data. |
| CVE-2023-42898 | 2023-12-12 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead... |
| CVE-2023-42932 | 2023-12-12 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected... |
| CVE-2023-42912 | 2023-12-12 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or... |
| CVE-2023-42904 | 2023-12-12 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or... |
| CVE-2023-42882 | 2023-12-12 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing an image may lead to arbitrary code execution. |
| CVE-2023-42894 | 2023-12-12 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to... |
| CVE-2023-42883 | 2023-12-12 | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and... |
| CVE-2023-42905 | 2023-12-12 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or... |
| CVE-2023-42899 | 2023-12-12 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3... |
| CVE-2023-42909 | 2023-12-12 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or... |
| CVE-2023-42926 | 2023-12-12 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or... |
| CVE-2023-42906 | 2023-12-12 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or... |
| CVE-2023-42910 | 2023-12-12 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or... |
| CVE-2023-42911 | 2023-12-12 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or... |
| CVE-2023-42907 | 2023-12-12 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or... |
| CVE-2023-42897 | 2023-12-12 | The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access... |
| CVE-2023-42874 | 2023-12-12 | This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical... |
| CVE-2023-42890 | 2023-12-12 | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content... |
| CVE-2023-42886 | 2023-12-12 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. A user may be able to cause... |
| CVE-2023-42900 | 2023-12-12 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. |
| CVE-2023-42901 | 2023-12-12 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or... |
| CVE-2023-42891 | 2023-12-12 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to monitor... |
| CVE-2023-40446 | 2023-12-12 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input... |
| CVE-2023-42476 | 2023-12-12 | Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence |
| CVE-2023-42478 | 2023-12-12 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform |
| CVE-2023-42479 | 2023-12-12 | Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct |
| CVE-2023-42481 | 2023-12-12 | Improper Access Control vulnerability in SAP Commerce Cloud |
| CVE-2023-49058 | 2023-12-12 | Directory Traversal vulnerability in SAP Master Data Governance |
| CVE-2023-49577 | 2023-12-12 | Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution) |
| CVE-2023-49578 | 2023-12-12 | Denial of service (DOS) in SAP Cloud Connector |
| CVE-2023-49580 | 2023-12-12 | Information disclosure in SAP GUI for Windows and SAP GUI for Java |
| CVE-2023-49581 | 2023-12-12 | SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2023-49583 | 2023-12-12 | Escalation of Privileges in SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) |
| CVE-2023-50422 | 2023-12-12 | Escalation of Privileges in SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) |
| CVE-2023-49584 | 2023-12-12 | Client-Side Desynchronization vulnerability in SAP Fiori Launchpad |
| CVE-2023-49587 | 2023-12-12 | Command Injection vulnerability in SAP Solution Manager |
| CVE-2023-6542 | 2023-12-12 | Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID |
| CVE-2023-46219 | 2023-12-12 | When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should... |
| CVE-2023-5536 | 2023-12-12 | A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo... |
| CVE-2023-50423 | 2023-12-12 | Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud-pysec) |
| CVE-2023-50424 | 2023-12-12 | Escalation of Privileges in SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) |
| CVE-2023-6709 | 2023-12-12 | Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow |