CVE List - 2023 / December
Showing 2101 - 2200 of 2674 CVEs for December 2023 (Page 22 of 27)
CVE ID | Date | Title |
---|---|---|
CVE-2023-49688 | 2023-12-21 | Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
CVE-2023-49689 | 2023-12-21 | Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
CVE-2023-49086 | 2023-12-21 | Cacti is vulnerable to cross-site scripting (XSS) DOM |
CVE-2022-47532 | 2023-12-22 | FileRun 20220519 allows SQL Injection via the "dir" parameter in... |
CVE-2023-24609 | 2023-12-22 | Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have... |
CVE-2023-42465 | 2023-12-22 | Sudo before 1.9.15 might allow row hammer attacks (for authentication... |
CVE-2023-43116 | 2023-12-22 | A symbolic link following vulnerability in Buildkite Elastic CI for... |
CVE-2023-43741 | 2023-12-22 | A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for... |
CVE-2023-45957 | 2023-12-22 | A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php... |
CVE-2023-49391 | 2023-12-22 | An issue was discovered in free5GC version 3.3.0, allows remote... |
CVE-2023-50147 | 2023-12-22 | There is an arbitrary command execution vulnerability in the setDiagnosisCfg... |
CVE-2023-51011 | 2023-12-22 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51012 | 2023-12-22 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51013 | 2023-12-22 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51014 | 2023-12-22 | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51015 | 2023-12-22 | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in... |
CVE-2023-51016 | 2023-12-22 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51017 | 2023-12-22 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51019 | 2023-12-22 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51020 | 2023-12-22 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51021 | 2023-12-22 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51022 | 2023-12-22 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51023 | 2023-12-22 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in... |
CVE-2023-51024 | 2023-12-22 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51025 | 2023-12-22 | TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command... |
CVE-2023-51026 | 2023-12-22 | TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51027 | 2023-12-22 | TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51028 | 2023-12-22 | TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51033 | 2023-12-22 | TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via... |
CVE-2023-51034 | 2023-12-22 | TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via... |
CVE-2023-51035 | 2023-12-22 | TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on... |
CVE-2023-51704 | 2023-12-22 | An issue was discovered in MediaWiki before 1.35.14, 1.36.x through... |
CVE-2023-51708 | 2023-12-22 | Bentley eB System Management Console applications within Assetwise Integrity Information... |
CVE-2023-51713 | 2023-12-22 | make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte... |
CVE-2023-49356 | 2023-12-22 | A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an... |
CVE-2023-51018 | 2023-12-22 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution... |
CVE-2023-51707 | 2023-12-22 | MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and... |
CVE-2023-7052 | 2023-12-22 | PHPGurukul Online Notes Sharing System profile.php cross-site request forgery |
CVE-2023-7053 | 2023-12-22 | PHPGurukul Online Notes Sharing System signup.php weak password |
CVE-2023-7054 | 2023-12-22 | PHPGurukul Online Notes Sharing System add-notes.php unrestricted upload |
CVE-2023-7055 | 2023-12-22 | PHPGurukul Online Notes Sharing System Contact Information profile.php access control |
CVE-2023-7056 | 2023-12-22 | code-projects Faculty Management System subjects.php cross site scripting |
CVE-2023-7057 | 2023-12-22 | code-projects Faculty Management System yearlevel.php cross site scripting |
CVE-2023-7058 | 2023-12-22 | SourceCodester Simple Student Attendance System path traversal |
CVE-2023-7059 | 2023-12-22 | SourceCodester School Visitor Log e-Book log-book.php cross site scripting |
CVE-2023-7075 | 2023-12-22 | code-projects Point of Sales and Inventory Management System checkout.php cross site scripting |
CVE-2023-7076 | 2023-12-22 | slawkens MyAAC bugtracker.php cross site scripting |
CVE-2023-51661 | 2023-12-22 | Filesystem sandbox not enforced in wasmer-cli |
CVE-2022-39337 | 2023-12-22 | Permission bypass due to incorrect configuration in github.com/dromara/hertzbeat |
CVE-2023-48704 | 2023-12-22 | Unauthenticated heap buffer overflow in Gorilla codec decompression |
CVE-2023-45165 | 2023-12-22 | IBM AIX denial of service |
CVE-2023-48670 | 2023-12-22 | Dell SupportAssist for Home PCs version 3.14.1 and prior versions... |
CVE-2023-42017 | 2023-12-22 | IBM Planning Analytics file upload |
CVE-2023-49085 | 2023-12-22 | Cacti SQL Injection vulnerability |
CVE-2023-49088 | 2023-12-22 | Cacti has incomplete fix for CVE-2023-39515 |
CVE-2023-49790 | 2023-12-22 | App PIN code can be bypassed in Nextcloud Files iOS |
CVE-2023-49791 | 2023-12-22 | Workflows do not require password confirmation on API level |
CVE-2023-51662 | 2023-12-22 | Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL) |
CVE-2023-49792 | 2023-12-22 | Bruteforce protection can be bypassed with misconfigured proxy |
CVE-2023-50250 | 2023-12-22 | Cross-Site Scripting vulnerability when Import xml template file |
CVE-2023-51448 | 2023-12-22 | SQL Injection vulnerability when managing SNMP Notification Receivers |
CVE-2023-51649 | 2023-12-22 | Nautobot missing object-level permissions enforcement when running Job Buttons |
CVE-2023-50254 | 2023-12-22 | Deepin Reader RCE vulnerability due to a design flaw |
CVE-2023-50258 | 2023-12-22 | Blind SSRF in `/home/testdiscord` endpoint |
CVE-2023-50259 | 2023-12-22 | Blind SSRF in /home/testslack endpoint |
CVE-2023-39251 | 2023-12-22 | Dell BIOS contains an Improper Input Validation vulnerability. A local... |
CVE-2023-43088 | 2023-12-22 | Dell Client BIOS contains a pre-boot direct memory access (DMA)... |
CVE-2023-50708 | 2023-12-22 | yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation |
CVE-2023-50714 | 2023-12-22 | The Oauth2 PKCE implementation is vulnerable |
CVE-2023-50712 | 2023-12-22 | Improper Neutralization of Alternate XSS Syntax in iris-web |
CVE-2023-50725 | 2023-12-22 | Resque vulnerable to reflected XSS in resque-web failed and queues lists |
CVE-2023-50727 | 2023-12-22 | Resque vulnerable to reflected XSS in Queue Endpoint |
CVE-2023-50730 | 2023-12-22 | Grackle has StackOverflowError in GraphQL query processing |
CVE-2023-50924 | 2023-12-22 | Stored XSS in Overview and Output fields |
CVE-2023-50731 | 2023-12-22 | MindsDB has arbitrary file write in file.py |
CVE-2023-51387 | 2023-12-22 | Expression Injection Vulnerability in Hertzbeat |
CVE-2023-51650 | 2023-12-22 | Unauthorized access vulnerability on three interfaces |
CVE-2023-51449 | 2023-12-22 | Make the `/file` secure against file traversal attacks |
CVE-2023-50928 | 2023-12-22 | sandbox-accounts-for-events security misconfiguration leads to budget exceed |
CVE-2023-51451 | 2023-12-22 | SSRF in symbolicator via invalid protocol |
CVE-2023-51651 | 2023-12-22 | Potential URI resolution path traversal in the AWS SDK for PHP |
CVE-2023-51386 | 2023-12-22 | Sandbox Accounts for Events vulnerable to privilege escalation to read running events data |
CVE-2023-6972 | 2023-12-23 | The Backup Migration plugin for WordPress is vulnerable to Path... |
CVE-2023-6971 | 2023-12-23 | The Backup Migration plugin for WordPress is vulnerable to Remote... |
CVE-2023-7002 | 2023-12-23 | The Backup Migration plugin for WordPress is vulnerable to OS... |
CVE-2023-5961 | 2023-12-23 | ioLogik E1200 Series: Cross-Site Request Forgery (CSRF) Vulnerability |
CVE-2023-5962 | 2023-12-23 | ioLogik E1200 Series: Weak Cryptographic Algorithm Vulnerability |
CVE-2023-6744 | 2023-12-23 | The Divi theme for WordPress is vulnerable to Stored Cross-Site... |
CVE-2020-36769 | 2023-12-23 | The Widget Settings Importer/Exporter Plugin for WordPress is vulnerable to... |
CVE-2023-7008 | 2023-12-23 | Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes |
CVE-2014-125108 | 2023-12-23 | w3c online-spellchecker-py spellchecker cross site scripting |
CVE-2016-15036 | 2023-12-23 | Deis Workflow Manager race condition |
CVE-2023-49594 | 2023-12-23 | An information disclosure vulnerability exists in the challenge functionality of... |
CVE-2023-7090 | 2023-12-23 | Sudo: improper handling of ipa_hostname leads to privilege mismanagement |
CVE-2023-51714 | 2023-12-24 | An issue was discovered in the HTTP2 implementation in Qt... |
CVE-2023-51763 | 2023-12-24 | csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV... |
CVE-2023-51764 | 2023-12-24 | Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining... |
CVE-2023-51765 | 2023-12-24 | sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote... |
CVE-2023-51766 | 2023-12-24 | Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations.... |
CVE-2023-51767 | 2023-12-24 | OpenSSH through 9.6, when common types of DRAM are used,... |