CVE List - 2023 / July
Showing 1701 - 1800 of 2295 CVEs for July 2023 (Page 18 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-32446 | 2023-07-20 | Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read... |
| CVE-2023-32447 | 2023-07-20 | Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive... |
| CVE-2023-3786 | 2023-07-20 | Aures Komet Kiosk Mode access control |
| CVE-2023-32476 | 2023-07-20 | Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript files. |
| CVE-2023-32265 | 2023-07-20 | Mitigations and availability of updates relating to security vulnerability in ESCWA component CVE-2023-32265. |
| CVE-2022-2127 | 2023-07-20 | Samba: out-of-bounds read in winbind auth_crap |
| CVE-2023-3787 | 2023-07-20 | Codecanyon Tiva Events Calender cross site scripting |
| CVE-2023-3347 | 2023-07-20 | Samba: smb2 packet signing is not enforced when "server signing = required" is set |
| CVE-2023-34966 | 2023-07-20 | Samba: infinite loop in mdssvc rpc service for spotlight |
| CVE-2023-34967 | 2023-07-20 | Samba: type confusion in mdssvc rpc service for spotlight |
| CVE-2023-34968 | 2023-07-20 | Samba: spotlight server-side share path disclosure |
| CVE-2023-3788 | 2023-07-20 | ActiveITzone Active Super Shop CMS Manage Details Page cross site scripting |
| CVE-2023-38203 | 2023-07-20 | Analysis CVE-2023-29300 Bypass: Adobe ColdFusion Pre-Auth RCE |
| CVE-2023-3789 | 2023-07-20 | PaulPrinting CMS Search delivery cross site scripting |
| CVE-2023-3790 | 2023-07-20 | Boom CMS assets-manager add cross site scripting |
| CVE-2023-37471 | 2023-07-20 | User impersonation using SAMLv1.x SSO in Open Access Management |
| CVE-2023-3791 | 2023-07-20 | IBOS OA Personal Office Address Book export actionExport sql injection |
| CVE-2023-3792 | 2023-07-20 | Beijing Netcon NS-ASG test_status.php direct request |
| CVE-2023-3793 | 2023-07-20 | Weaver e-cology HTTP POST Request filelFileDownloadForOutDoc.class sql injection |
| CVE-2023-3794 | 2023-07-20 | Bug Finder ChainCity Real Estate Investment Platform New Ticket create cross site scripting |
| CVE-2023-3795 | 2023-07-20 | Bug Finder ChainCity Real Estate Investment Platform GET Parameter property sql injection |
| CVE-2023-3796 | 2023-07-20 | Bug Finder Foody Friend Profile Picture profile unrestricted upload |
| CVE-2023-3797 | 2023-07-20 | Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System UploadFloodPlanFileUpdate.ashx unrestricted upload |
| CVE-2023-3798 | 2023-07-20 | Chengdu Flash Flood Disaster Monitoring and Warning System upload.aspx unrestricted upload |
| CVE-2023-3799 | 2023-07-20 | IBOS OA Delete Category del sql injection |
| CVE-2023-3800 | 2023-07-20 | EasyAdmin8 File Upload Module index.html unrestricted upload |
| CVE-2023-25835 | 2023-07-20 | BUG-000153659 ArcGIS Enterprise Sites has a stored XSS vulnerability |
| CVE-2023-3801 | 2023-07-20 | IBOS OA Mobile Notification edit actionEdit sql injection |
| CVE-2021-35391 | 2023-07-21 | Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL. |
| CVE-2023-36339 | 2023-07-21 | An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request. |
| CVE-2023-37742 | 2023-07-21 | WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2023-38632 | 2023-07-21 | async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets. |
| CVE-2023-38646 | 2023-07-21 | Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation.... |
| CVE-2023-3802 | 2023-07-21 | Chengdu Flash Flood Disaster Monitoring and Warning System Ajaxfileupload.ashx unrestricted upload |
| CVE-2023-3803 | 2023-07-21 | Chengdu Flash Flood Disaster Monitoring and Warning System File Name ImageStationDataService.asmx random values |
| CVE-2023-32624 | 2023-07-21 | Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-32625 | 2023-07-21 | Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by... |
| CVE-2023-3804 | 2023-07-21 | Chengdu Flash Flood Disaster Monitoring and Warning System FileHandler.ashx unrestricted upload |
| CVE-2023-3805 | 2023-07-21 | Xiamen Four Letter Video Surveillance Management System Login UserInfoAction.class improper authorization |
| CVE-2023-3806 | 2023-07-21 | SourceCodester House Rental and Property Listing System btn_functions.php unrestricted upload |
| CVE-2023-3813 | 2023-07-21 | The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the... |
| CVE-2023-3807 | 2023-07-21 | Campcodes Beauty Salon Management System edit_product.php sql injection |
| CVE-2023-3808 | 2023-07-21 | Hospital Management System patientforgotpassword.php sql injection |
| CVE-2023-37291 | 2023-07-21 | Galaxy Software Services Vitals ESP - Use of Hard-coded Cryptographic Key |
| CVE-2023-3809 | 2023-07-21 | Hospital Management System patient.php sql injection |
| CVE-2023-25836 | 2023-07-21 | BUG-000135364 XSS in 10.8.1 sites builder iframe source |
| CVE-2023-25837 | 2023-07-21 | BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS. |
| CVE-2023-3810 | 2023-07-21 | Hospital Management System patientappointment.php sql injection |
| CVE-2023-37292 | 2023-07-21 | HGiga iSherlock - Command Injection |
| CVE-2023-3811 | 2023-07-21 | Hospital Management System patientprofile.php sql injection |
| CVE-2023-3815 | 2023-07-21 | y_project RuoYi File Upload uploadFilesPath cross site scripting |
| CVE-2023-32478 | 2023-07-21 | Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information... |
| CVE-2023-28728 | 2023-07-21 | A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. |
| CVE-2023-28729 | 2023-07-21 | A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. |
| CVE-2023-28730 | 2023-07-21 | A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. |
| CVE-2023-35086 | 2023-07-21 | ASUS RT-AX56U V2 & RT-AC86U - Format String -1 |
| CVE-2023-35087 | 2023-07-21 | ASUS RT-AX56U V2 & RT-AC86U - Format String - 2 |
| CVE-2023-3484 | 2023-07-21 | Incorrect Authorization in GitLab |
| CVE-2023-3819 | 2023-07-21 | Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore |
| CVE-2023-3820 | 2023-07-21 | SQL Injection in pimcore/pimcore |
| CVE-2023-3821 | 2023-07-21 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-3822 | 2023-07-21 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore |
| CVE-2023-3102 | 2023-07-21 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-26301 | 2023-07-21 | Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. |
| CVE-2023-38173 | 2023-07-21 | Microsoft Edge for Android Spoofing Vulnerability |
| CVE-2023-35392 | 2023-07-21 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2023-38187 | 2023-07-21 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-37901 | 2023-07-21 | Cross-Site-Scripting via confirmation prompts |
| CVE-2023-25840 | 2023-07-21 | BUG-000154070 Stored XSS issue in the ArcGIS REST Services directory |
| CVE-2023-25841 | 2023-07-21 | BUG-000158075 Stored XSS issue in ArcGIS Server |
| CVE-2023-3603 | 2023-07-21 | Processing sftp server read may cause null dereference |
| CVE-2023-37905 | 2023-07-21 | Cross-site Scripting (XSS) in Source Mode of Editor in ckeditor-wordcount-plugin |
| CVE-2023-37903 | 2023-07-21 | Sandbox Escape in vm2 |
| CVE-2023-37915 | 2023-07-21 | Malformed PID_PROPERTY_LIST parameter in DATA submessage remotely crashes OpenDDS |
| CVE-2023-37918 | 2023-07-21 | API token authentication bypass in HTTP endpoints in Dapr |
| CVE-2023-37917 | 2023-07-21 | Privilege Escalation in kubepi |
| CVE-2023-37916 | 2023-07-21 | Leak password hash of any user |
| CVE-2022-37331 | 2023-07-21 | An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution.... |
| CVE-2022-43467 | 2023-07-21 | An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution.... |
| CVE-2022-46280 | 2023-07-21 | A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary... |
| CVE-2022-44451 | 2023-07-21 | A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary... |
| CVE-2022-42885 | 2023-07-21 | A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary... |
| CVE-2022-41793 | 2023-07-21 | An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution.... |
| CVE-2022-46291 | 2023-07-21 | Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary... |
| CVE-2022-46292 | 2023-07-21 | Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary... |
| CVE-2022-46293 | 2023-07-21 | Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary... |
| CVE-2022-46294 | 2023-07-21 | Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary... |
| CVE-2022-46295 | 2023-07-21 | Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary... |
| CVE-2022-46289 | 2023-07-21 | Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An... |
| CVE-2022-46290 | 2023-07-21 | Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An... |
| CVE-2022-43607 | 2023-07-21 | An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary... |
| CVE-2023-3609 | 2023-07-21 | Use-after-free in Linux kernel's net/sched: cls_u32 component |
| CVE-2023-3610 | 2023-07-21 | Use-after-free in Linux kernel's netfilter: nf_tables component |
| CVE-2023-3611 | 2023-07-21 | Out-of-bounds write in Linux kernel's net/sched: sch_qfq component |
| CVE-2023-3776 | 2023-07-21 | Use-after-free in Linux kernel's net/sched: cls_fw component |
| CVE-2023-35077 | 2023-07-21 | An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above. |
| CVE-2023-38195 | 2023-07-22 | Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external (SQL Server or PostgreSQL) metadata storage is used.... |
| CVE-2023-38633 | 2023-07-22 | A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the... |
| CVE-2023-25929 | 2023-07-22 | IBM Cognos Analytics cross-site scripting |
| CVE-2023-28530 | 2023-07-22 | IBM Cognos Analytics cross-site scripting |