CVE List - 2023 / December
Showing 401 - 500 of 2673 CVEs for December 2023 (Page 5 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-33080 | 2023-12-05 | Buffer over-read in WLAN Firmware |
| CVE-2023-33081 | 2023-12-05 | Buffer over-read in WLAN Firmware |
| CVE-2023-33082 | 2023-12-05 | Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') in WLAN Host |
| CVE-2023-33083 | 2023-12-05 | Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') in WLAN Host |
| CVE-2023-33087 | 2023-12-05 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Core |
| CVE-2023-33088 | 2023-12-05 | NULL pointer dereference in WLAN Firmware |
| CVE-2023-33089 | 2023-12-05 | NULL Pointer Dereference in WLAN Firmware |
| CVE-2023-33092 | 2023-12-05 | Buffer Copy Without Checking Size of Input in Bluetooth HOST |
| CVE-2023-33097 | 2023-12-05 | Buffer Over-read in WLAN Firmware |
| CVE-2023-33098 | 2023-12-05 | Buffer Over-read in WLAN Firmware |
| CVE-2023-33106 | 2023-12-05 | Use of Out-of-range Pointer Offset in Graphics |
| CVE-2023-33107 | 2023-12-05 | Integer Overflow or Wraparound in Graphics Linux |
| CVE-2023-44288 | 2023-12-05 | Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of... |
| CVE-2023-44295 | 2023-12-05 | Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss... |
| CVE-2023-39248 | 2023-12-05 | Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can... |
| CVE-2023-5188 | 2023-12-05 | WAGO Improper Input Validation in IEC61850 Server / Telecontrol |
| CVE-2023-6269 | 2023-12-05 | Argument injection vulnerability in Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF |
| CVE-2023-49070 | 2023-12-05 | Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present |
| CVE-2023-41835 | 2023-12-05 | Apache Struts: excessive disk usage |
| CVE-2023-43608 | 2023-12-05 | A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. |
| CVE-2023-45838 | 2023-12-05 | Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution... |
| CVE-2023-45839 | 2023-12-05 | Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution... |
| CVE-2023-45840 | 2023-12-05 | Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution... |
| CVE-2023-45841 | 2023-12-05 | Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution... |
| CVE-2023-45842 | 2023-12-05 | Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution... |
| CVE-2023-43628 | 2023-12-05 | An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious... |
| CVE-2022-24403 | 2023-12-05 | De-anonymization attack in TETRA |
| CVE-2023-6357 | 2023-12-05 | OS Command Injection in multiple CODESYS products |
| CVE-2023-6180 | 2023-12-05 | Resource exhaustion via memory leak in tokio-boring |
| CVE-2023-44297 | 2023-12-05 | Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to... |
| CVE-2023-44298 | 2023-12-05 | Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to... |
| CVE-2023-45083 | 2023-12-05 | HyperCloud: "admin" and "serveradmin" users can be deleted |
| CVE-2023-45084 | 2023-12-05 | Media caddy removal and reinsertion without reboot may cause data loss |
| CVE-2023-45085 | 2023-12-05 | When compute hosts are disabled and reenabled, they immediately transition to "ON", not "INIT" |
| CVE-2023-45287 | 2023-12-05 | Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel |
| CVE-2023-46674 | 2023-12-05 | Elasticsearch-hadoop Unsafe Deserialization |
| CVE-2023-6448 | 2023-12-05 | Unitronics VisiLogic uses a default administrative password |
| CVE-2023-44221 | 2023-12-05 | Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to... |
| CVE-2023-5970 | 2023-12-05 | Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. |
| CVE-2023-49297 | 2023-12-05 | Unsafe YAML deserialization in PyDrive2 |
| CVE-2023-46736 | 2023-12-05 | Server-Side Request Forgery in espocrm |
| CVE-2023-49282 | 2023-12-05 | Test code in published microsoft-graph package exposes phpinfo() |
| CVE-2023-49283 | 2023-12-05 | Test code in published microsoft-graph-core package exposes phpinfo() |
| CVE-2023-24547 | 2023-12-05 | On Arista MOS configuration of a BGP password will cause the password to be logged in clear text. |
| CVE-2023-28875 | 2023-12-06 | A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. |
| CVE-2023-28876 | 2023-12-06 | A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. |
| CVE-2023-36655 | 2023-12-06 | The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication... |
| CVE-2023-46353 | 2023-12-06 | In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be... |
| CVE-2023-46354 | 2023-12-06 | In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control,... |
| CVE-2023-46751 | 2023-12-06 | An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. |
| CVE-2023-48123 | 2023-12-06 | An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. |
| CVE-2023-48849 | 2023-12-06 | Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. |
| CVE-2023-48859 | 2023-12-06 | TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code. |
| CVE-2023-48930 | 2023-12-06 | xinhu xinhuoa 2.2.1 contains a File upload vulnerability. |
| CVE-2023-48940 | 2023-12-06 | A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2021-27795 | 2023-12-06 | License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, |
| CVE-2023-6508 | 2023-12-06 | Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-6509 | 2023-12-06 | Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit... |
| CVE-2023-6510 | 2023-12-06 | Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap... |
| CVE-2023-6511 | 2023-12-06 | Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-6512 | 2023-12-06 | Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted... |
| CVE-2023-40053 | 2023-12-06 | HTML injection Vulnerability in Serv-U 15.4 |
| CVE-2023-41268 | 2023-12-06 | Possible stack overflow due to insufficient input validation |
| CVE-2023-6527 | 2023-12-06 | The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization... |
| CVE-2023-22524 | 2023-12-06 | Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper... |
| CVE-2023-22523 | 2023-12-06 | This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application... |
| CVE-2023-26154 | 2023-12-06 | Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package... |
| CVE-2023-22522 | 2023-12-06 | This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to... |
| CVE-2023-2861 | 2023-12-06 | Qemu: 9pfs: improper access control on special files |
| CVE-2023-49897 | 2023-12-06 | An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may... |
| CVE-2023-6458 | 2023-12-06 | Client side path traversal due to lack of route parameters validation |
| CVE-2023-6459 | 2023-12-06 | Public endpoint /metrics of Calls plugin reveals channel IDs |
| CVE-2023-6514 | 2023-12-06 | The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions. Successful exploitation of... |
| CVE-2023-46773 | 2023-12-06 | Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation. |
| CVE-2023-49247 | 2023-12-06 | Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-49248 | 2023-12-06 | Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access. |
| CVE-2023-44099 | 2023-12-06 | Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption. |
| CVE-2023-45210 | 2023-12-06 | Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted... |
| CVE-2023-46688 | 2023-12-06 | Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. |
| CVE-2023-34439 | 2023-12-06 | Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser. |
| CVE-2023-44113 | 2023-12-06 | Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-49241 | 2023-12-06 | API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-49242 | 2023-12-06 | Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-49243 | 2023-12-06 | Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-49244 | 2023-12-06 | Permission management vulnerability in the multi-user module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-49245 | 2023-12-06 | Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-49246 | 2023-12-06 | Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-49239 | 2023-12-06 | Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-49240 | 2023-12-06 | Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-6273 | 2023-12-06 | Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-32268 | 2023-12-06 | Administrator equivalent Filr user can access proxy administrator credentials |
| CVE-2023-6288 | 2023-12-06 | Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. |
| CVE-2023-39539 | 2023-12-06 | Failure when uploading a Logo image file |
| CVE-2023-39538 | 2023-12-06 | Failure when uploading a Logo image file |
| CVE-2023-39326 | 2023-12-06 | Denial of service via chunk extensions in net/http |
| CVE-2023-45285 | 2023-12-06 | Command 'go get' may unexpectedly fallback to insecure git in cmd/go |
| CVE-2023-6393 | 2023-12-06 | Quarkus: potential invalid reuse of context when @cacheresult on a uni is used |
| CVE-2023-49096 | 2023-12-06 | Argument Injection in FFmpeg codec parameters in Jellyfin |
| CVE-2023-33411 | 2023-12-07 | A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote... |
| CVE-2023-33412 | 2023-12-07 | The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated... |