CVE List - 2023 / July
Showing 101 - 200 of 2295 CVEs for July 2023 (Page 2 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-32666 | 2023-07-04 | In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction... |
| CVE-2023-20748 | 2023-07-04 | In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-21624 | 2023-07-04 | Information Exposure in DSP Services |
| CVE-2023-21629 | 2023-07-04 | Double Free in Modem |
| CVE-2023-21631 | 2023-07-04 | Improper Input Validation in Modem |
| CVE-2023-21633 | 2023-07-04 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux |
| CVE-2023-21635 | 2023-07-04 | Buffer Copy without Checking Size of Input in Data Network Stack & Connectivity |
| CVE-2023-21637 | 2023-07-04 | Improper Restrictions of Operations within the Bounds of a Memory Buffer in Linux |
| CVE-2023-21638 | 2023-07-04 | Incorrect Type Conversion or Cast in Video |
| CVE-2023-21639 | 2023-07-04 | Buffer Copy Without Checking the Size of Input in Audio |
| CVE-2023-21640 | 2023-07-04 | Buffer Copy Without Checking Size of Input in Linux |
| CVE-2023-21641 | 2023-07-04 | Permissions, Privileges, and Access Controls in Display |
| CVE-2023-21672 | 2023-07-04 | Use After Free in Audio |
| CVE-2023-22386 | 2023-07-04 | Buffer Copy Without Checking Size of Input in WLAN HOST |
| CVE-2023-22387 | 2023-07-04 | Use of Out-of-range Pointer Offset in Qualcomm IPC |
| CVE-2023-22667 | 2023-07-04 | Integer Overflow or Wraparound in Audio |
| CVE-2023-24851 | 2023-07-04 | Buffer Copy Without Checking Size of Input in WLAN HOST |
| CVE-2023-24854 | 2023-07-04 | Stack-based Buffer Overflow in WLAN HOST |
| CVE-2023-28541 | 2023-07-04 | Buffer Over-read in WLAN Host |
| CVE-2023-28542 | 2023-07-04 | Buffer Over-read in WLAN HOST |
| CVE-2023-2333 | 2023-07-04 | Ninja Forms Google Sheet Connector < 1.2.7 - Reflected XSS |
| CVE-2023-3133 | 2023-07-04 | Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API |
| CVE-2023-2324 | 2023-07-04 | Elementor Forms Google Sheet Connector < 1.0.7 - Reflected XSS |
| CVE-2023-2010 | 2023-07-04 | Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote |
| CVE-2023-3139 | 2023-07-04 | Protect WP Admin < 4.0 - Unauthenticated Protection Bypass |
| CVE-2022-4623 | 2023-07-04 | ND Shortcodes < 7.0 - Contributor+ Stored XSS via Shortcodes |
| CVE-2023-3460 | 2023-07-04 | Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation |
| CVE-2023-2321 | 2023-07-04 | WPForms Google Sheet Connector < 3.4.6 - Reflected XSS |
| CVE-2023-2320 | 2023-07-04 | CF7 Google Sheets Connector < 5.0.2 - Reflected XSS |
| CVE-2023-1273 | 2023-07-04 | ND Shortcodes < 7.0 - Subscriber+ LFI |
| CVE-2023-2974 | 2023-07-04 | Quarkus-core: tls protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported tls protocol |
| CVE-2023-3502 | 2023-07-04 | SourceCodester Shopping Website search-result.php sql injection |
| CVE-2023-3503 | 2023-07-04 | SourceCodester Shopping Website insert-product.php unrestricted upload |
| CVE-2023-3504 | 2023-07-04 | SmartWeb Infotech Job Board My Profile Page account unrestricted upload |
| CVE-2023-3505 | 2023-07-04 | Onest CRM Project List 2 cross site scripting |
| CVE-2023-3506 | 2023-07-04 | Active It Zone Active eCommerce CMS Create Ticket Page support_ticket cross site scripting |
| CVE-2023-31999 | 2023-07-04 | All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the OAuth2 state parameter is... |
| CVE-2020-23452 | 2023-07-05 | A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console... |
| CVE-2020-25969 | 2023-07-05 | gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest(). |
| CVE-2022-42175 | 2023-07-05 | Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization. |
| CVE-2023-25399 | 2023-07-05 | A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy... |
| CVE-2023-27197 | 2023-07-05 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have... |
| CVE-2023-27198 | 2023-07-05 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker... |
| CVE-2023-27199 | 2023-07-05 | PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks. |
| CVE-2023-30207 | 2023-07-05 | A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file. |
| CVE-2023-33201 | 2023-07-05 | Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates.... |
| CVE-2023-33335 | 2023-07-05 | Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed. |
| CVE-2023-34654 | 2023-07-05 | taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-35786 | 2023-07-05 | Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. |
| CVE-2023-35863 | 2023-07-05 | In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain... |
| CVE-2023-36622 | 2023-07-05 | The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter. |
| CVE-2023-36623 | 2023-07-05 | The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password... |
| CVE-2023-36624 | 2023-07-05 | Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement. |
| CVE-2023-36665 | 2023-07-05 | protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype... |
| CVE-2023-36932 | 2023-07-05 | In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web... |
| CVE-2023-36933 | 2023-07-05 | In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an... |
| CVE-2023-36934 | 2023-07-05 | In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web... |
| CVE-2023-34150 | 2023-07-05 | Apache Any23: Possible excessive allocation of resources reading input. |
| CVE-2023-37201 | 2023-07-05 | An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. |
| CVE-2023-37202 | 2023-07-05 | Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115,... |
| CVE-2023-37207 | 2023-07-05 | A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to... |
| CVE-2023-37208 | 2023-07-05 | When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird <... |
| CVE-2023-37211 | 2023-07-05 | Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2023-3482 | 2023-07-05 | When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could... |
| CVE-2023-37203 | 2023-07-05 | Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This... |
| CVE-2023-37204 | 2023-07-05 | A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible... |
| CVE-2023-37205 | 2023-07-05 | The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. |
| CVE-2023-37206 | 2023-07-05 | Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115. |
| CVE-2023-2880 | 2023-07-05 | Frauscher Sensortechnik Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability |
| CVE-2023-37209 | 2023-07-05 | A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to... |
| CVE-2023-37210 | 2023-07-05 | A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox <... |
| CVE-2023-37212 | 2023-07-05 | Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited... |
| CVE-2023-3336 | 2023-07-05 | TN-5900 Series User Enumeration Vulnerability |
| CVE-2021-46890 | 2023-07-05 | Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. |
| CVE-2023-2538 | 2023-07-05 | TLS Private Key Accessible to External Parties |
| CVE-2021-46891 | 2023-07-05 | Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. |
| CVE-2021-46893 | 2023-07-05 | Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity. |
| CVE-2023-3455 | 2023-07-05 | Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity. |
| CVE-2023-3089 | 2023-07-05 | OCP & FIPS mode |
| CVE-2023-3515 | 2023-07-05 | Open Redirect in go-gitea/gitea |
| CVE-2023-35971 | 2023-07-05 | Unauthenticated Stored Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface |
| CVE-2023-35972 | 2023-07-05 | Authenticated Remote Command Execution in ArubaOS Web-based Management Interface |
| CVE-2023-35973 | 2023-07-05 | Authenticated Remote Command Execution in the ArubaOS Command Line Interface |
| CVE-2023-35974 | 2023-07-05 | Authenticated Remote Command Execution in the ArubaOS Command Line Interface |
| CVE-2023-35975 | 2023-07-05 | Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion |
| CVE-2023-35976 | 2023-07-05 | Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface |
| CVE-2023-35977 | 2023-07-05 | Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface |
| CVE-2023-35978 | 2023-07-05 | Reflected Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface |
| CVE-2023-35979 | 2023-07-05 | Unauthenticated Buffer Overflow Vulnerability in ArubaOS Web-Based Management Interface |
| CVE-2023-31194 | 2023-07-05 | An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open... |
| CVE-2023-27390 | 2023-07-05 | A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open... |
| CVE-2023-30607 | 2023-07-05 | icingaweb2-module-jira template and field configuration are susceptible to CSRF |
| CVE-2023-34106 | 2023-07-05 | GLPI vulnerable to unauthorized access to User data |
| CVE-2023-34337 | 2023-07-05 | Inadequate Encryption Strength |
| CVE-2023-34338 | 2023-07-05 | hard coded cryptographic key |
| CVE-2023-34471 | 2023-07-05 | Missing Cryptographic Step |
| CVE-2023-34472 | 2023-07-05 | AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead... |
| CVE-2023-34473 | 2023-07-05 | Usage of Hard-coded Credentials |
| CVE-2023-31248 | 2023-07-05 | Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability |
| CVE-2023-35001 | 2023-07-05 | Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability |