CVE List - 2023 / December
Showing 701 - 800 of 2674 CVEs for December 2023 (Page 8 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-23372 | 2023-12-08 | QTS, QuTS hero |
| CVE-2023-32968 | 2023-12-08 | QTS, QuTS hero |
| CVE-2023-6615 | 2023-12-08 | Typecho manage-users.php information disclosure |
| CVE-2023-6616 | 2023-12-08 | SourceCodester Simple Student Attendance System index.php cross site scripting |
| CVE-2023-6606 | 2023-12-08 | Kernel: out-of-bounds read vulnerability in smbcalcsize |
| CVE-2023-6610 | 2023-12-08 | Kernel: oob access in smb2_dump_detail |
| CVE-2023-6617 | 2023-12-08 | SourceCodester Simple Student Attendance System attendance.php sql injection |
| CVE-2023-6618 | 2023-12-08 | SourceCodester Simple Student Attendance System index.php file inclusion |
| CVE-2023-6619 | 2023-12-08 | SourceCodester Simple Student Attendance System class_form.php sql injection |
| CVE-2023-6622 | 2023-12-08 | Kernel: null pointer dereference vulnerability in nft_dynset_init() |
| CVE-2023-6507 | 2023-12-08 | Groups not dropped before running subprocess when using empty 'extra_groups' parameter |
| CVE-2023-49788 | 2023-12-08 | Improper handling of browser-side provided input in richdocuments path handling |
| CVE-2023-49782 | 2023-12-08 | Cross-Site-Scripting vulnerability in error message passing in richdocumentscode |
| CVE-2023-48311 | 2023-12-08 | Any image allowed by default |
| CVE-2023-34320 | 2023-12-08 | arm: Guests can trigger a deadlock on Cortex-A77 |
| CVE-2023-6337 | 2023-12-08 | Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests |
| CVE-2023-49798 | 2023-12-08 | Duplicated execution of subcalls in OpenZeppelin Contracts |
| CVE-2023-49800 | 2023-12-08 | Denial of service by abusing `fetchOptions.retry` in nuxt-api-party |
| CVE-2023-49799 | 2023-12-08 | Server-Side Request Forgery in nuxt-api-party |
| CVE-2023-6560 | 2023-12-08 | Kernel: io_uring out of boundary memory access in __io_uaddr_map() |
| CVE-2021-46899 | 2023-12-09 | SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing... |
| CVE-2023-28868 | 2023-12-09 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows... |
| CVE-2023-28869 | 2023-12-09 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows... |
| CVE-2023-28870 | 2023-12-09 | Insecure File Permissions in Support Assistant in NCP Secure Enterprise... |
| CVE-2023-28871 | 2023-12-09 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows... |
| CVE-2023-28873 | 2023-12-09 | An XSS issue in wiki and discussion pages in Seafile... |
| CVE-2023-28874 | 2023-12-09 | The next parameter in the /accounts/login endpoint of Seafile 9.0.6... |
| CVE-2023-47254 | 2023-12-09 | An OS Command Injection in the CLI interface on DrayTek... |
| CVE-2023-47465 | 2023-12-09 | An issue in GPAC v.2.2.1 and before allows a local... |
| CVE-2023-50428 | 2023-12-09 | In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115,... |
| CVE-2023-50429 | 2023-12-09 | IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection. |
| CVE-2023-50430 | 2023-12-09 | The Goodix Fingerprint Device, as shipped in Dell Inspiron 15... |
| CVE-2023-50431 | 2023-12-09 | sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows... |
| CVE-2023-46932 | 2023-12-09 | Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers... |
| CVE-2023-49797 | 2023-12-09 | Local Privilege Escalation in pyinstaller on Windows |
| CVE-2023-6394 | 2023-12-09 | Quarkus: graphql operations over websockets bypass |
| CVE-2020-25835 | 2023-12-09 | Micro Focus ArcSight Management Center Remote Vulnerability |
| CVE-2023-28527 | 2023-12-09 | IBM Informix Dynamic Server buffer overflow |
| CVE-2023-28526 | 2023-12-09 | IBM Informix Dynamic Server buffer overflow |
| CVE-2023-28523 | 2023-12-09 | IBM Informix Dynamic Server buffer overflow |
| CVE-2023-47722 | 2023-12-09 | IBM API Connect information disclosure |
| CVE-2023-5756 | 2023-12-09 | The Digital Publications by Supsystic plugin for WordPress is vulnerable... |
| CVE-2023-6120 | 2023-12-09 | The Welcart e-Commerce plugin for WordPress is vulnerable to Directory... |
| CVE-2023-6646 | 2023-12-09 | linkding cross site scripting |
| CVE-2022-48614 | 2023-12-10 | Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS. |
| CVE-2023-50446 | 2023-12-10 | An issue was discovered in Mullvad VPN Windows app before... |
| CVE-2023-50449 | 2023-12-10 | JFinalCMS 5.0.0 could allow a remote attacker to read files... |
| CVE-2023-50453 | 2023-12-10 | An issue was discovered in Zammad before 6.2.0. It uses... |
| CVE-2023-50454 | 2023-12-10 | An issue was discovered in Zammad before 6.2.0. In several... |
| CVE-2023-50455 | 2023-12-10 | An issue was discovered in Zammad before 6.2.0. Due to... |
| CVE-2023-50457 | 2023-12-10 | An issue was discovered in Zammad before 6.2.0. When listing... |
| CVE-2023-50463 | 2023-12-10 | The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2,... |
| CVE-2023-50456 | 2023-12-10 | An issue was discovered in Zammad before 6.2.0. An attacker... |
| CVE-2023-6647 | 2023-12-10 | AMTT HiBOS sql injection |
| CVE-2023-6648 | 2023-12-10 | PHPGurukul Nipah Virus Testing Management System password-recovery.php sql injection |
| CVE-2023-6649 | 2023-12-10 | PHPGurukul Teacher Subject Allocation Management System index.php cross site scripting |
| CVE-2023-6650 | 2023-12-10 | SourceCodester Simple Invoice Generator System login.php cross site scripting |
| CVE-2023-6651 | 2023-12-10 | code-projects Matrimonial Site sql injection |
| CVE-2023-6652 | 2023-12-10 | code-projects Matrimonial Site register.php register sql injection |
| CVE-2023-6653 | 2023-12-10 | PHPGurukul Teacher Subject Allocation Management System Create a new Subject subject.php cross-site request forgery |
| CVE-2023-6654 | 2023-12-10 | PHPEMS Session Data session.cls.php deserialization |
| CVE-2023-6655 | 2023-12-10 | Hongjing e-HR Login Interface loadhistroyorgtree sql injection |
| CVE-2023-5869 | 2023-12-10 | Postgresql: buffer overrun from integer overflow in array modification |
| CVE-2023-5868 | 2023-12-10 | Postgresql: memory disclosure in aggregate function calls |
| CVE-2023-5870 | 2023-12-10 | Postgresql: role pg_signal_backend can signal certain superuser processes. |
| CVE-2023-6656 | 2023-12-10 | DeepFaceLab DFLJPG.py deserialization |
| CVE-2023-6657 | 2023-12-10 | SourceCodester Simple Student Attendance System student_form.php sql injection |
| CVE-2023-6658 | 2023-12-10 | SourceCodester Simple Student Attendance System sql injection |
| CVE-2020-12613 | 2023-12-11 | An issue was discovered in BeyondTrust Privilege Management for Windows... |
| CVE-2023-36646 | 2023-12-11 | Incorrect user role checking in multiple REST API endpoints in... |
| CVE-2023-49355 | 2023-12-11 | decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds... |
| CVE-2023-49418 | 2023-12-11 | TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules. |
| CVE-2023-49488 | 2023-12-11 | A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows... |
| CVE-2023-49490 | 2023-12-11 | XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting... |
| CVE-2023-49494 | 2023-12-11 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting... |
| CVE-2023-49964 | 2023-12-11 | An issue was discovered in Hyland Alfresco Community Edition through... |
| CVE-2023-50465 | 2023-12-11 | A stored cross-site scripting (XSS) vulnerability exists in Monica (aka... |
| CVE-2021-3187 | 2023-12-11 | An issue was discovered in BeyondTrust Privilege Management for Mac... |
| CVE-2023-49417 | 2023-12-11 | TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. |
| CVE-2023-6659 | 2023-12-11 | Campcodes Web-Based Student Clearance System login.php sql injection |
| CVE-2023-48417 | 2023-12-11 | Missing Permission checks resulting in unauthorized access and Manipulation in... |
| CVE-2023-48424 | 2023-12-11 | U-Boot shell vulnerability resulting in Privilege escalation in a production... |
| CVE-2023-48425 | 2023-12-11 | U-Boot vulnerability resulting in persistent Code Execution |
| CVE-2023-6181 | 2023-12-11 | An oversight in BCB handling of reboot reason that allows... |
| CVE-2023-5500 | 2023-12-11 | Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability |
| CVE-2023-6185 | 2023-12-11 | Improper input validation enabling arbitrary Gstreamer pipeline injection |
| CVE-2023-6186 | 2023-12-11 | Link targets allow arbitrary script execution |
| CVE-2023-6671 | 2023-12-11 | Cross-Site Request Forgery on OPEN JOURNAL SYSTEMS |
| CVE-2023-6194 | 2023-12-11 | In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition... |
| CVE-2023-6538 | 2023-12-11 | System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data. |
| CVE-2023-6679 | 2023-12-11 | Kernel: null pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c |
| CVE-2023-48715 | 2023-12-11 | Tuleap vulnerable to Cross-site Scripting on the edition page of a release |
| CVE-2023-49795 | 2023-12-11 | MindsDB Server-Side Request Forgery vulnerability |
| CVE-2023-5907 | 2023-12-11 | File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal |
| CVE-2023-6035 | 2023-12-11 | EazyDocs < 2.3.4 - Subscriber + SQLi |
| CVE-2023-5750 | 2023-12-11 | EmbedPress < 3.9.2 - Reflected XSS |
| CVE-2023-5940 | 2023-12-11 | WP Not Login Hide <= 1.0 - Admin+ Stored XSS |
| CVE-2023-5757 | 2023-12-11 | WP Crowdfunding < 2.1.8 - Admin+ Stored XSS |
| CVE-2023-5749 | 2023-12-11 | EmbedPress < 3.9.2 - Reflected XSS |
| CVE-2023-5955 | 2023-12-11 | Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting |