CVE List - 2023 / July
Showing 2201 - 2295 of 2295 CVEs for July 2023 (Page 23 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-4920 | 2023-07-28 | Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox... |
| CVE-2022-4921 | 2023-07-28 | Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via... |
| CVE-2022-4922 | 2023-07-28 | Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2022-4923 | 2023-07-28 | Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity:... |
| CVE-2022-4924 | 2023-07-28 | Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted... |
| CVE-2022-4925 | 2023-07-28 | Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low) |
| CVE-2021-4316 | 2023-07-28 | Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2021-4317 | 2023-07-28 | Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2021-4318 | 2023-07-28 | Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2021-4319 | 2023-07-28 | Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2021-4320 | 2023-07-28 | Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page.... |
| CVE-2021-4321 | 2023-07-28 | Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2021-4322 | 2023-07-28 | Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted... |
| CVE-2021-4323 | 2023-07-28 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via... |
| CVE-2021-4324 | 2023-07-28 | Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium) |
| CVE-2022-4926 | 2023-07-28 | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-2311 | 2023-07-28 | Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-2313 | 2023-07-28 | Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file.... |
| CVE-2023-2314 | 2023-07-28 | Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-36542 | 2023-07-29 | Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources |
| CVE-2023-32225 | 2023-07-30 | Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type |
| CVE-2023-32226 | 2023-07-30 | Sysaid - CWE-552: Files or Directories Accessible to External Parties |
| CVE-2023-32227 | 2023-07-30 | Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials |
| CVE-2023-37213 | 2023-07-30 | Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection' |
| CVE-2023-37214 | 2023-07-30 | Heights Telecom ERO1xS-Pro Dual-Band WiFi command injection |
| CVE-2023-37215 | 2023-07-30 | JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials |
| CVE-2023-37216 | 2023-07-30 | AnaSystem SensMini M4 – an authenticated user can cause Denial of Service |
| CVE-2023-37217 | 2023-07-30 | Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy |
| CVE-2023-37218 | 2023-07-30 | Tadiran Telecom Aeonix - CWE-22: Improper Limitation of a Pathname to a Restricted Directory |
| CVE-2023-37219 | 2023-07-30 | Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File |
| CVE-2020-21662 | 2023-07-31 | SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF. |
| CVE-2020-21881 | 2023-07-31 | Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add. |
| CVE-2020-36763 | 2023-07-31 | Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post. |
| CVE-2021-31651 | 2023-07-31 | Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows a remote attacker to run arbitrary code via the copyright field in copyright settings. |
| CVE-2021-31680 | 2023-07-31 | Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file. |
| CVE-2021-31681 | 2023-07-31 | Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file. |
| CVE-2022-42182 | 2023-07-31 | Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Traversal. |
| CVE-2022-42183 | 2023-07-31 | Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF). |
| CVE-2023-33534 | 2023-07-31 | A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to take over user accounts via sending a crafted POST request to /goform/goform_set_cmd_process. |
| CVE-2023-34635 | 2023-07-31 | Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the... |
| CVE-2023-34644 | 2023-07-31 | Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP... |
| CVE-2023-34842 | 2023-07-31 | Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. |
| CVE-2023-34916 | 2023-07-31 | Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. |
| CVE-2023-34917 | 2023-07-31 | Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. |
| CVE-2023-35861 | 2023-07-31 | A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject and execute arbitrary commands as root on the BMC. |
| CVE-2023-36089 | 2023-07-31 | Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no... |
| CVE-2023-36090 | 2023-07-31 | Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2023-36091 | 2023-07-31 | Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer... |
| CVE-2023-36092 | 2023-07-31 | Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the... |
| CVE-2023-37647 | 2023-07-31 | SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php. |
| CVE-2023-37771 | 2023-07-31 | Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. |
| CVE-2023-38303 | 2023-07-31 | An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter. |
| CVE-2023-38304 | 2023-07-31 | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in... |
| CVE-2023-38305 | 2023-07-31 | An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload,... |
| CVE-2023-38306 | 2023-07-31 | An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types... |
| CVE-2023-38307 | 2023-07-31 | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a... |
| CVE-2023-38308 | 2023-07-31 | An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from... |
| CVE-2023-38309 | 2023-07-31 | An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload... |
| CVE-2023-38310 | 2023-07-31 | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to... |
| CVE-2023-38311 | 2023-07-31 | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious... |
| CVE-2023-38750 | 2023-07-31 | In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed. |
| CVE-2023-38989 | 2023-07-31 | An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information. |
| CVE-2023-39122 | 2023-07-31 | BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200). |
| CVE-2023-3983 | 2023-07-31 | An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection. |
| CVE-2023-34872 | 2023-07-31 | A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. |
| CVE-2023-35791 | 2023-07-31 | Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability. |
| CVE-2023-35792 | 2023-07-31 | Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS). |
| CVE-2023-37580 | 2023-07-31 | Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. |
| CVE-2023-4005 | 2023-07-31 | Insufficient Session Expiration in fossbilling/fossbilling |
| CVE-2023-4006 | 2023-07-31 | Improper Neutralization of Formula Elements in a CSV File in thorsten/phpmyfaq |
| CVE-2023-4007 | 2023-07-31 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-35019 | 2023-07-31 | IBM Security Verify Governance command execution |
| CVE-2023-35016 | 2023-07-31 | IBM Security Verify Governance path traversal |
| CVE-2022-43831 | 2023-07-31 | IBM Spectrum Scale privilege escalation |
| CVE-2023-22595 | 2023-07-31 | IBM B2B Advanced Communication cross-site scripting |
| CVE-2023-24971 | 2023-07-31 | IBM B2B Advanced Communication denial of service |
| CVE-2020-4868 | 2023-07-31 | IBM TRIRIGA information disclosure |
| CVE-2023-34358 | 2023-07-31 | ASUS RT-AX88U - Out-of-bounds Read - 1 |
| CVE-2023-34359 | 2023-07-31 | ASUS RT-AX88U - Out-of-bounds Read - 2 |
| CVE-2023-34360 | 2023-07-31 | ASUS RT-AX88U - Stored XSS |
| CVE-2022-4888 | 2023-07-31 | Multiple Plugins from Addify - Multiple CSRF |
| CVE-2023-0602 | 2023-07-31 | Twittee Text Tweet <= 1.0.8 - Reflected XSS |
| CVE-2023-3130 | 2023-07-31 | Short URL < 1.6.5 - Admin+ Cross Site Scripting |
| CVE-2023-3134 | 2023-07-31 | Forminator < 1.24.4 - Reflected XSS |
| CVE-2023-3292 | 2023-07-31 | Grid Kit Premium < 2.2.0 - Multiple Reflected Cross-Site Scripting |
| CVE-2023-3345 | 2023-07-31 | LMS by Masteriyo < 1.6.8 - Information Exposure |
| CVE-2023-3507 | 2023-07-31 | WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF |
| CVE-2023-3508 | 2023-07-31 | WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF |
| CVE-2023-3817 | 2023-07-31 | Excessive time spent checking DH q parameter value |
| CVE-2023-3997 | 2023-07-31 | Unauthenticated Log Injection In Splunk SOAR |
| CVE-2023-4004 | 2023-07-31 | Kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() |
| CVE-2023-4010 | 2023-07-31 | Kernel: usb: hcd: malformed usb descriptor leads to infinite loop in usb_giveback_urb() |
| CVE-2023-3462 | 2023-07-31 | Vault's LDAP Auth Method Allows for User Enumeration |
| CVE-2023-3825 | 2023-07-31 | PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which... |
| CVE-2020-10962 | 2023-08-01 | In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via... |
| CVE-2022-39986 | 2023-08-01 | A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. |
| CVE-2022-39987 | 2023-08-01 | A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php. |
| CVE-2023-31710 | 2023-08-01 | TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. |
| CVE-2023-33493 | 2023-08-01 | An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload dangerous files without... |
| CVE-2023-33560 | 2023-08-01 | There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. |