CVE List - 2023 / December
Showing 701 - 800 of 2673 CVEs for December 2023 (Page 8 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-6615 | 2023-12-08 | Typecho manage-users.php information disclosure |
| CVE-2023-6616 | 2023-12-08 | SourceCodester Simple Student Attendance System index.php cross site scripting |
| CVE-2023-6606 | 2023-12-08 | Kernel: out-of-bounds read vulnerability in smbcalcsize |
| CVE-2023-6610 | 2023-12-08 | Kernel: oob access in smb2_dump_detail |
| CVE-2023-6617 | 2023-12-08 | SourceCodester Simple Student Attendance System attendance.php sql injection |
| CVE-2023-6618 | 2023-12-08 | SourceCodester Simple Student Attendance System index.php file inclusion |
| CVE-2023-6619 | 2023-12-08 | SourceCodester Simple Student Attendance System class_form.php sql injection |
| CVE-2023-6622 | 2023-12-08 | Kernel: null pointer dereference vulnerability in nft_dynset_init() |
| CVE-2023-6507 | 2023-12-08 | Groups not dropped before running subprocess when using empty 'extra_groups' parameter |
| CVE-2023-49788 | 2023-12-08 | Improper handling of browser-side provided input in richdocuments path handling |
| CVE-2023-49782 | 2023-12-08 | Cross-Site-Scripting vulnerability in error message passing in richdocumentscode |
| CVE-2023-48311 | 2023-12-08 | Any image allowed by default |
| CVE-2023-34320 | 2023-12-08 | arm: Guests can trigger a deadlock on Cortex-A77 |
| CVE-2023-6337 | 2023-12-08 | Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests |
| CVE-2023-49798 | 2023-12-08 | Duplicated execution of subcalls in OpenZeppelin Contracts |
| CVE-2023-49800 | 2023-12-08 | Denial of service by abusing `fetchOptions.retry` in nuxt-api-party |
| CVE-2023-49799 | 2023-12-08 | Server-Side Request Forgery in nuxt-api-party |
| CVE-2023-6560 | 2023-12-08 | Kernel: io_uring out of boundary memory access in __io_uaddr_map() |
| CVE-2021-46899 | 2023-12-09 | SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application. |
| CVE-2023-28868 | 2023-12-09 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. |
| CVE-2023-28869 | 2023-12-09 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. |
| CVE-2023-28870 | 2023-12-09 | Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. |
| CVE-2023-28871 | 2023-12-09 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. |
| CVE-2023-28873 | 2023-12-09 | An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor. |
| CVE-2023-28874 | 2023-12-09 | The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. |
| CVE-2023-47254 | 2023-12-09 | An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the... |
| CVE-2023-47465 | 2023-12-09 | An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c. |
| CVE-2023-50428 | 2023-12-09 | In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild... |
| CVE-2023-50429 | 2023-12-09 | IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection. |
| CVE-2023-50430 | 2023-12-09 | The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet... |
| CVE-2023-50431 | 2023-12-09 | sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized. |
| CVE-2023-46932 | 2023-12-09 | Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box. |
| CVE-2023-49797 | 2023-12-09 | Local Privilege Escalation in pyinstaller on Windows |
| CVE-2023-6394 | 2023-12-09 | Quarkus: graphql operations over websockets bypass |
| CVE-2020-25835 | 2023-12-09 | Micro Focus ArcSight Management Center Remote Vulnerability |
| CVE-2023-28527 | 2023-12-09 | IBM Informix Dynamic Server buffer overflow |
| CVE-2023-28526 | 2023-12-09 | IBM Informix Dynamic Server buffer overflow |
| CVE-2023-28523 | 2023-12-09 | IBM Informix Dynamic Server buffer overflow |
| CVE-2023-47722 | 2023-12-09 | IBM API Connect information disclosure |
| CVE-2023-5756 | 2023-12-09 | The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation... |
| CVE-2023-6120 | 2023-12-09 | The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to... |
| CVE-2023-6646 | 2023-12-09 | linkding cross site scripting |
| CVE-2022-48614 | 2023-12-10 | Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS. |
| CVE-2023-50446 | 2023-12-10 | An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM. |
| CVE-2023-50449 | 2023-12-10 | JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter. |
| CVE-2023-50453 | 2023-12-10 | An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as... |
| CVE-2023-50454 | 2023-12-10 | An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is... |
| CVE-2023-50455 | 2023-12-10 | An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address... |
| CVE-2023-50457 | 2023-12-10 | An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for... |
| CVE-2023-50463 | 2023-12-10 | The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass... |
| CVE-2023-50456 | 2023-12-10 | An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name. |
| CVE-2023-6647 | 2023-12-10 | AMTT HiBOS sql injection |
| CVE-2023-6648 | 2023-12-10 | PHPGurukul Nipah Virus Testing Management System password-recovery.php sql injection |
| CVE-2023-6649 | 2023-12-10 | PHPGurukul Teacher Subject Allocation Management System index.php cross site scripting |
| CVE-2023-6650 | 2023-12-10 | SourceCodester Simple Invoice Generator System login.php cross site scripting |
| CVE-2023-6651 | 2023-12-10 | code-projects Matrimonial Site sql injection |
| CVE-2023-6652 | 2023-12-10 | code-projects Matrimonial Site register.php register sql injection |
| CVE-2023-6653 | 2023-12-10 | PHPGurukul Teacher Subject Allocation Management System Create a new Subject subject.php cross-site request forgery |
| CVE-2023-6654 | 2023-12-10 | PHPEMS Session Data session.cls.php deserialization |
| CVE-2023-6655 | 2023-12-10 | Hongjing e-HR Login Interface loadhistroyorgtree sql injection |
| CVE-2023-5869 | 2023-12-10 | Postgresql: buffer overrun from integer overflow in array modification |
| CVE-2023-5868 | 2023-12-10 | Postgresql: memory disclosure in aggregate function calls |
| CVE-2023-5870 | 2023-12-10 | Postgresql: role pg_signal_backend can signal certain superuser processes. |
| CVE-2023-6656 | 2023-12-10 | DeepFaceLab DFLJPG.py deserialization |
| CVE-2023-6657 | 2023-12-10 | SourceCodester Simple Student Attendance System student_form.php sql injection |
| CVE-2023-6658 | 2023-12-10 | SourceCodester Simple Student Attendance System sql injection |
| CVE-2020-12613 | 2023-12-11 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto... |
| CVE-2023-36646 | 2023-12-11 | Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST... |
| CVE-2023-49355 | 2023-12-11 | decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001,... |
| CVE-2023-49418 | 2023-12-11 | TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules. |
| CVE-2023-49488 | 2023-12-11 | A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter. |
| CVE-2023-49490 | 2023-12-11 | XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php. |
| CVE-2023-49494 | 2023-12-11 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. |
| CVE-2023-49964 | 2023-12-11 | An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can... |
| CVE-2023-50465 | 2023-12-11 | A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user. |
| CVE-2021-3187 | 2023-12-11 | An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a... |
| CVE-2023-49417 | 2023-12-11 | TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. |
| CVE-2023-6659 | 2023-12-11 | Campcodes Web-Based Student Clearance System login.php sql injection |
| CVE-2023-48417 | 2023-12-11 | Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application |
| CVE-2023-48424 | 2023-12-11 | U-Boot shell vulnerability resulting in Privilege escalation in a production device |
| CVE-2023-48425 | 2023-12-11 | U-Boot vulnerability resulting in persistent Code Execution |
| CVE-2023-6181 | 2023-12-11 | An oversight in BCB handling of reboot reason that allows for persistent code execution |
| CVE-2023-5500 | 2023-12-11 | Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability |
| CVE-2023-6185 | 2023-12-11 | Improper input validation enabling arbitrary Gstreamer pipeline injection |
| CVE-2023-6186 | 2023-12-11 | Link targets allow arbitrary script execution |
| CVE-2023-6671 | 2023-12-11 | Cross-Site Request Forgery on OPEN JOURNAL SYSTEMS |
| CVE-2023-6194 | 2023-12-11 | In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a... |
| CVE-2023-6538 | 2023-12-11 | System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data. |
| CVE-2023-6679 | 2023-12-11 | Kernel: null pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c |
| CVE-2023-48715 | 2023-12-11 | Tuleap vulnerable to Cross-site Scripting on the edition page of a release |
| CVE-2023-49795 | 2023-12-11 | MindsDB Server-Side Request Forgery vulnerability |
| CVE-2023-5907 | 2023-12-11 | File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal |
| CVE-2023-6035 | 2023-12-11 | EazyDocs < 2.3.4 - Subscriber + SQLi |
| CVE-2023-5750 | 2023-12-11 | EmbedPress < 3.9.2 - Reflected XSS |
| CVE-2023-5940 | 2023-12-11 | WP Not Login Hide <= 1.0 - Admin+ Stored XSS |
| CVE-2023-5757 | 2023-12-11 | WP Crowdfunding < 2.1.8 - Admin+ Stored XSS |
| CVE-2023-5749 | 2023-12-11 | EmbedPress < 3.9.2 - Reflected XSS |
| CVE-2023-5955 | 2023-12-11 | Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting |
| CVE-2023-49796 | 2023-12-11 | MindsDB Arbitrary File Write vulnerability |
| CVE-2023-49802 | 2023-12-11 | MantisBT LinkedCustomFields Cross-site Scripting vulnerability |