CVE List - 2023 / July
Showing 1601 - 1700 of 2295 CVEs for July 2023 (Page 17 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-37748 | 2023-07-19 | ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c. |
| CVE-2023-3751 | 2023-07-19 | Super Store Finder POST Parameter index.php sql injection |
| CVE-2023-30433 | 2023-07-19 | IBM Security Verify Access HTTP open redirect |
| CVE-2023-35898 | 2023-07-19 | IBM InfoSphere Information Server information disclosure |
| CVE-2023-33832 | 2023-07-19 | IBM Storage Protect denial of service |
| CVE-2023-3765 | 2023-07-19 | Absolute Path Traversal in mlflow/mlflow |
| CVE-2023-35900 | 2023-07-19 | IBM Robotic Process Automation information disclosure |
| CVE-2023-29259 | 2023-07-19 | IBM Sterling Connect:Express for UNIX information disclosure |
| CVE-2023-29260 | 2023-07-19 | IBM Sterling Connect:Express for UNIX server-side request forgery |
| CVE-2021-38933 | 2023-07-19 | IBM Sterling Connect:Express for UNIX information disclosure |
| CVE-2023-3752 | 2023-07-19 | Creativeitem Academy LMS courses cross site scripting |
| CVE-2023-27877 | 2023-07-19 | IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure |
| CVE-2023-26023 | 2023-07-19 | IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure |
| CVE-2023-26026 | 2023-07-19 | IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure |
| CVE-2023-28513 | 2023-07-19 | IBM MQ denial of service |
| CVE-2022-43908 | 2023-07-19 | IBM Security Guardium denial of service |
| CVE-2023-3753 | 2023-07-19 | Creativeitem Mastery LMS browse cross site scripting |
| CVE-2022-43910 | 2023-07-19 | IBM Security Guardium privilege escalation |
| CVE-2023-3754 | 2023-07-19 | Creativeitem Ekushey Project Manager CRM xxxxxxxx[random-msg-hash] cross site scripting |
| CVE-2023-3755 | 2023-07-19 | Creativeitem Atlas Business Directory Listing filter_listings cross site scripting |
| CVE-2023-3756 | 2023-07-19 | Creativeitem Atlas Business Directory Listing search cross site scripting |
| CVE-2023-3757 | 2023-07-19 | GZ Scripts Car Rental Script cross site scripting |
| CVE-2023-3759 | 2023-07-19 | Intergard SGS permission |
| CVE-2023-3760 | 2023-07-19 | Intergard SGS Change Password denial of service |
| CVE-2023-32635 | 2023-07-19 | XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read... |
| CVE-2023-3761 | 2023-07-19 | Intergard SGS Password Change cleartext transmission |
| CVE-2023-3762 | 2023-07-19 | Intergard SGS sensitive information in memory |
| CVE-2023-3763 | 2023-07-19 | Intergard SGS SQL Query cleartext transmission |
| CVE-2023-28754 | 2023-07-19 | ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent |
| CVE-2023-3446 | 2023-07-19 | Excessive time spent checking DH keys and parameters |
| CVE-2023-33876 | 2023-07-19 | A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object,... |
| CVE-2023-32664 | 2023-07-19 | A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and... |
| CVE-2023-33866 | 2023-07-19 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the... |
| CVE-2023-27379 | 2023-07-19 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the... |
| CVE-2023-28744 | 2023-07-19 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating... |
| CVE-2023-3463 | 2023-07-19 | GE Digital CIMPLICITY Heap-based Buffer Overflow |
| CVE-2023-34034 | 2023-07-19 | Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. |
| CVE-2023-3638 | 2023-07-19 | GeoVision GV-ADR2701 Improper Authentication |
| CVE-2023-30799 | 2023-07-19 | MikroTik RouterOS Administrator Privilege Escalation |
| CVE-2023-25838 | 2023-07-19 | BUG-000157278 – ArcGIS Insights has a security vulnerability. |
| CVE-2023-25839 | 2023-07-19 | BUG-000157278 – ArcGIS Insights has a security vulnerability - desktop |
| CVE-2023-32261 | 2023-07-19 | Dimensions CM Plugin for Jenkins 0.8.17 – 0.9.3 |
| CVE-2023-32262 | 2023-07-19 | Dimensions CM Plugin for Jenkins 0.8.17 – 0.9.3 |
| CVE-2023-32263 | 2023-07-19 | Dimensions CM Plugin for Jenkins 0.8.17 – 0.9.3 |
| CVE-2023-3519 | 2023-07-19 | Unauthenticated remote code execution |
| CVE-2023-3466 | 2023-07-19 | Reflected Cross-Site Scripting (XSS) |
| CVE-2023-3674 | 2023-07-19 | Keylime: attestation failure when the quote's signature does not validate |
| CVE-2023-3467 | 2023-07-19 | Privilege Escalation to root administrator (nsroot) |
| CVE-2023-37276 | 2023-07-19 | aiohttp vulnerable to HTTP request smuggling |
| CVE-2023-37899 | 2023-07-19 | feathersjs socket handler allows abusing implicit toString |
| CVE-2023-3722 | 2023-07-19 | Avaya Aura Device Services Remote Code Execution |
| CVE-2023-26217 | 2023-07-19 | TIBCO EBX Add-ons SQL Injection Vulnerability |
| CVE-2023-3782 | 2023-07-19 | DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response |
| CVE-2023-35134 | 2023-07-19 | Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password |
| CVE-2023-34429 | 2023-07-19 | Weintek Weincloud Improper Handling of Structural Elements |
| CVE-2023-32657 | 2023-07-19 | Weintek Weincloud Improper Restriction of Excessive Authentication Attempts |
| CVE-2023-37362 | 2023-07-19 | Weintek Weincloud Improper Authentication |
| CVE-2023-34394 | 2023-07-19 | Keysight N6845A Relative Path Traversal |
| CVE-2023-36853 | 2023-07-19 | Keysight Geolocation Server Exposed Dangerous Method or Function |
| CVE-2023-3072 | 2023-07-19 | Nomad ACL Policies without Label are Applied to Unexpected Resources |
| CVE-2023-3299 | 2023-07-19 | Nomad Caller ACL Token's Secret ID is Exposed to Sentinel |
| CVE-2023-3300 | 2023-07-19 | Nomad Search API Leaks Information About CSI Plugins |
| CVE-2020-24275 | 2023-07-20 | An HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL. |
| CVE-2021-39425 | 2023-07-20 | SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click... |
| CVE-2021-45094 | 2023-07-20 | Imprivata Privileged Access Management (formerly Xton Privileged Access Management) 2.3.202112051108 allows XSS. |
| CVE-2023-30200 | 2023-07-20 | In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal information without... |
| CVE-2023-31461 | 2023-07-20 | Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability. |
| CVE-2023-31462 | 2023-07-20 | An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger... |
| CVE-2023-31753 | 2023-07-20 | SQL injection vulnerability in diskusi.php in eNdonesia 8.7 allows an attacker to execute arbitrary SQL commands via the "rid=" parameter. |
| CVE-2023-34625 | 2023-07-20 | ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user... |
| CVE-2023-37164 | 2023-07-20 | Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting vulnerability via the cat_id parameter at /shop/?module=shop&action=search. |
| CVE-2023-37165 | 2023-07-20 | Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php. |
| CVE-2023-37600 | 2023-07-20 | Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile. |
| CVE-2023-37601 | 2023-07-20 | Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts. |
| CVE-2023-37602 | 2023-07-20 | An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. |
| CVE-2023-37645 | 2023-07-20 | eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt. |
| CVE-2023-37649 | 2023-07-20 | Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data. |
| CVE-2023-37650 | 2023-07-20 | A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands. |
| CVE-2023-37728 | 2023-07-20 | IceWarp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. |
| CVE-2023-38334 | 2023-07-20 | Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename,... |
| CVE-2023-38335 | 2023-07-20 | Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation... |
| CVE-2023-38408 | 2023-07-20 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code... |
| CVE-2023-38523 | 2023-07-20 | The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of... |
| CVE-2023-38617 | 2023-07-20 | Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files. |
| CVE-2022-28733 | 2023-07-20 | Integer underflow in grub_net_recv_ip4_packets |
| CVE-2022-28734 | 2023-07-20 | Out-of-bounds write when handling split HTTP headers |
| CVE-2022-28735 | 2023-07-20 | The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be... |
| CVE-2022-28736 | 2023-07-20 | There's a use-after-free vulnerability in grub_cmd_chainloader() function |
| CVE-2022-28737 | 2023-07-20 | There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables |
| CVE-2023-37289 | 2023-07-20 | InfoDoc Document On-line Submission and Approval System - Arbitrary File Upload |
| CVE-2023-3779 | 2023-07-20 | The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key... |
| CVE-2021-39822 | 2023-07-20 | Adobe InDesign BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-3783 | 2023-07-20 | Webile HTTP POST Request cross site scripting |
| CVE-2023-3784 | 2023-07-20 | Dooblou WiFi File Explorer cross site scripting |
| CVE-2023-3785 | 2023-07-20 | PaulPrinting CMS cross site scripting |
| CVE-2023-37290 | 2023-07-20 | InfoDoc Document On-line Submission and Approval System - Server-Side Request Forgery (SSRF) |
| CVE-2023-32481 | 2023-07-20 | Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. An authenticated malicious user can flood the configured SMTP server with numerous requests in order to deny access to... |
| CVE-2023-32482 | 2023-07-20 | Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group. |
| CVE-2023-32483 | 2023-07-20 | Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability... |
| CVE-2023-32455 | 2023-07-20 | Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read... |