CVE List - 2023 / July
Showing 2001 - 2100 of 2295 CVEs for July 2023 (Page 21 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-37692 | 2023-07-26 | An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2023-37732 | 2023-07-26 | Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. |
| CVE-2023-38285 | 2023-07-26 | Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. |
| CVE-2023-30577 | 2023-07-26 | AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. |
| CVE-2023-2640 | 2023-07-26 | On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them... |
| CVE-2023-32629 | 2023-07-26 | Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels |
| CVE-2023-3947 | 2023-07-26 | The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1.... |
| CVE-2023-3946 | 2023-07-26 | A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the... |
| CVE-2022-2502 | 2023-07-26 | A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured... |
| CVE-2022-4608 | 2023-07-26 | A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with... |
| CVE-2023-20891 | 2023-07-26 | VMware Tanzu Application Service for VMs and Isolation Segment information disclosure vulnerability |
| CVE-2023-1401 | 2023-07-26 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-32468 | 2023-07-26 | Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure... |
| CVE-2023-38555 | 2023-07-26 | Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products... |
| CVE-2023-38433 | 2023-07-26 | Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video... |
| CVE-2023-38647 | 2023-07-26 | Apache Helix: Deserialization vulnerability in Helix workflow and REST |
| CVE-2023-38669 | 2023-07-26 | Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition. |
| CVE-2023-38670 | 2023-07-26 | Null pointer dereference in paddle.flip |
| CVE-2023-28130 | 2023-07-26 | Local user may lead to privilege escalation using Gaia Portal hostnames page. |
| CVE-2023-38671 | 2023-07-26 | Heap buffer overflow in paddle.trace |
| CVE-2023-38672 | 2023-07-26 | FPE in paddle.linalg.matrix_power |
| CVE-2023-38673 | 2023-07-26 | Command injection in fs.py |
| CVE-2023-39261 | 2023-07-26 | In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions |
| CVE-2023-23844 | 2023-07-26 | SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability |
| CVE-2023-33225 | 2023-07-26 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability |
| CVE-2023-33224 | 2023-07-26 | SolarWinds Platform Incorrect Behavior Order Vulnerability |
| CVE-2023-39151 | 2023-07-26 | Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS)... |
| CVE-2023-39152 | 2023-07-26 | Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances. |
| CVE-2023-39153 | 2023-07-26 | A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. |
| CVE-2023-39154 | 2023-07-26 | Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs... |
| CVE-2023-39155 | 2023-07-26 | Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it. |
| CVE-2023-39156 | 2023-07-26 | A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags. |
| CVE-2023-23843 | 2023-07-26 | SolarWinds Platform Incorrect Comparison Vulnerability |
| CVE-2023-33308 | 2023-07-26 | A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated... |
| CVE-2023-33229 | 2023-07-26 | SolarWinds Platform Incorrect Input Neutralization Vulnerability |
| CVE-2023-3622 | 2023-07-26 | Access Control Bypass Vulnerability in the SolarWinds Platform |
| CVE-2023-23842 | 2023-07-26 | SolarWinds Network Configuration Manager Directory Traversal Vulnerability |
| CVE-2023-30949 | 2023-07-26 | CVE-2023-30949 |
| CVE-2023-3242 | 2023-07-26 | Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime <G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service conditions. |
| CVE-2023-3414 | 2023-07-26 | Cross-Site Request Forgery (CSRF) in Jenkins Plug-in for ServiceNow DevOps |
| CVE-2023-3442 | 2023-07-26 | Missing Authorization in Jenkins plug-in for ServiceNow DevOps |
| CVE-2023-28013 | 2023-07-26 | HCL Verse is susceptible to a Reflected Cross-Site Scripting (XSS) Vulnerability |
| CVE-2023-28012 | 2023-07-26 | HCL BigFix Mobile can be affected by a command injection vulnerability |
| CVE-2023-37450 | 2023-07-26 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may... |
| CVE-2023-28014 | 2023-07-26 | HCL BigFix Mobile can be affected by a cross-site scripting (XSS) vulnerability |
| CVE-2023-38133 | 2023-07-26 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS... |
| CVE-2023-38594 | 2023-07-26 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS... |
| CVE-2023-32433 | 2023-07-26 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS... |
| CVE-2023-35983 | 2023-07-26 | This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify... |
| CVE-2023-36854 | 2023-07-26 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app... |
| CVE-2023-32381 | 2023-07-26 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura... |
| CVE-2023-38597 | 2023-07-26 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content... |
| CVE-2023-36862 | 2023-07-26 | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s... |
| CVE-2023-32437 | 2023-07-26 | The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of... |
| CVE-2023-38606 | 2023-07-26 | This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big... |
| CVE-2023-38410 | 2023-07-26 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges. |
| CVE-2020-22623 | 2023-07-27 | Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information. |
| CVE-2021-36580 | 2023-07-27 | Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. |
| CVE-2022-31200 | 2023-07-27 | Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field. |
| CVE-2023-33742 | 2023-07-27 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe. |
| CVE-2023-33744 | 2023-07-27 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671. |
| CVE-2023-33745 | 2023-07-27 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring... |
| CVE-2023-36941 | 2023-07-27 | A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2023-36942 | 2023-07-27 | A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2023-33743 | 2023-07-27 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, Android Debug Bridge (adb) is available. |
| CVE-2023-38580 | 2023-07-27 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute... |
| CVE-2023-38611 | 2023-07-27 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content... |
| CVE-2023-32416 | 2023-07-27 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS... |
| CVE-2023-32441 | 2023-07-27 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big... |
| CVE-2023-38261 | 2023-07-27 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code... |
| CVE-2023-38600 | 2023-07-27 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may... |
| CVE-2023-32364 | 2023-07-27 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions. |
| CVE-2023-32734 | 2023-07-27 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able... |
| CVE-2023-38572 | 2023-07-27 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS... |
| CVE-2023-35993 | 2023-07-27 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS... |
| CVE-2023-38564 | 2023-07-27 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may be able to modify protected parts of the file system. |
| CVE-2023-38421 | 2023-07-27 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory. |
| CVE-2023-38565 | 2023-07-27 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS... |
| CVE-2023-38602 | 2023-07-27 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify... |
| CVE-2023-38593 | 2023-07-27 | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6.... |
| CVE-2023-32393 | 2023-07-27 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead... |
| CVE-2023-38136 | 2023-07-27 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6. An app may be able to execute arbitrary code with... |
| CVE-2023-32429 | 2023-07-27 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass Privacy preferences. |
| CVE-2023-38603 | 2023-07-27 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause a denial-of-service. |
| CVE-2023-32442 | 2023-07-27 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. A shortcut may be able to modify sensitive Shortcuts app... |
| CVE-2023-38425 | 2023-07-27 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code... |
| CVE-2023-38608 | 2023-07-27 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.5. An app may be able to access user-sensitive data. |
| CVE-2023-38258 | 2023-07-27 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory. |
| CVE-2023-38595 | 2023-07-27 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may... |
| CVE-2023-32418 | 2023-07-27 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app... |
| CVE-2023-38259 | 2023-07-27 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to access... |
| CVE-2023-38424 | 2023-07-27 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code... |
| CVE-2023-32443 | 2023-07-27 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to... |
| CVE-2023-32450 | 2023-07-27 | Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. |
| CVE-2023-3956 | 2023-07-27 | The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function... |
| CVE-2023-3957 | 2023-07-27 | The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including,... |
| CVE-2023-3969 | 2023-07-27 | GZ Scripts Availability Booking Calendar PHP HTTP POST Request index.php cross site scripting |
| CVE-2023-3970 | 2023-07-27 | GZ Scripts Availability Booking Calendar PHP Image cross site scripting |
| CVE-2023-38512 | 2023-07-27 | WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37993 | 2023-07-27 | WordPress wpShopGermany IT-RECHT KANZLEI Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS) |