CVE List - 2023 / July
Showing 201 - 300 of 2295 CVEs for July 2023 (Page 3 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-34107 | 2023-07-05 | GLPI vulnerable to unauthorized access to KnowbaseItem data |
| CVE-2023-34244 | 2023-07-05 | GLPI vulnerable to reflected XSS in search pages |
| CVE-2023-34457 | 2023-07-05 | MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form |
| CVE-2023-35924 | 2023-07-05 | GLPI vulnerable to SQL injection via inventory agent request |
| CVE-2023-35936 | 2023-07-05 | Arbitrary file write is possible in Pandoc when using PDF output or --extract-media with untrusted input |
| CVE-2023-35939 | 2023-07-05 | GLPI vulnerable to unauthorized access to Dashboard data |
| CVE-2023-35940 | 2023-07-05 | GLPI vulnerable to unauthenticated access to Dashboard data |
| CVE-2023-36808 | 2023-07-05 | GLPI vulnerable to SQL injection through Computer Virtual Machine information |
| CVE-2023-36458 | 2023-07-05 | 1Panel vulnerable to command injection when entering the container terminal |
| CVE-2023-36457 | 2023-07-05 | 1Panel vulnerable to command injection when adding container repositories |
| CVE-2023-36809 | 2023-07-05 | Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox |
| CVE-2023-36813 | 2023-07-05 | Kanboard Authenticated SQL Injections vulnerability |
| CVE-2023-36821 | 2023-07-05 | Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation |
| CVE-2023-36822 | 2023-07-05 | Uptime Kuma authenticated path traversal via plugin repository name may lead to unavailability or data loss |
| CVE-2023-36827 | 2023-07-05 | Fides vulnerable to Path Traversal in Webserver API |
| CVE-2023-36828 | 2023-07-05 | Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG |
| CVE-2020-21861 | 2023-07-06 | File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload. |
| CVE-2020-21862 | 2023-07-06 | Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del. |
| CVE-2020-22336 | 2023-07-06 | An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function. |
| CVE-2021-46896 | 2023-07-06 | Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332. |
| CVE-2022-46080 | 2023-07-06 | Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET. |
| CVE-2023-24256 | 2023-07-06 | An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal. |
| CVE-2023-27225 | 2023-07-06 | A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2023-29381 | 2023-07-06 | An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. |
| CVE-2023-29382 | 2023-07-06 | An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. |
| CVE-2023-29656 | 2023-07-06 | An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions (block/unblock traffic) from the mobile application. This vulnerability could... |
| CVE-2023-29824 | 2023-07-06 | A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue. |
| CVE-2023-30195 | 2023-07-06 | In the module "Detailed Order" (lgdetailedorder) in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal information without restriction formatted in json. |
| CVE-2023-30319 | 2023-07-06 | Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code. |
| CVE-2023-30320 | 2023-07-06 | Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code. |
| CVE-2023-30321 | 2023-07-06 | Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code. |
| CVE-2023-30322 | 2023-07-06 | Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code. |
| CVE-2023-30323 | 2023-07-06 | SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information. |
| CVE-2023-30325 | 2023-07-06 | SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information. |
| CVE-2023-30326 | 2023-07-06 | Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code. |
| CVE-2023-34193 | 2023-07-06 | File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. |
| CVE-2023-36188 | 2023-07-06 | An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. |
| CVE-2023-36189 | 2023-07-06 | SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. |
| CVE-2023-36968 | 2023-07-06 | A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter. |
| CVE-2023-36969 | 2023-07-06 | CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. |
| CVE-2023-36970 | 2023-07-06 | A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. |
| CVE-2023-36995 | 2023-07-06 | TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie. |
| CVE-2023-37122 | 2023-07-06 | A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module. |
| CVE-2023-37124 | 2023-07-06 | A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-37125 | 2023-07-06 | A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-37131 | 2023-07-06 | A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request. |
| CVE-2023-37132 | 2023-07-06 | A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-37133 | 2023-07-06 | A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-37134 | 2023-07-06 | A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-37135 | 2023-07-06 | A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-37136 | 2023-07-06 | A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-37192 | 2023-07-06 | Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets... |
| CVE-2023-37454 | 2023-07-06 | An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the... |
| CVE-2023-34192 | 2023-07-06 | Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. |
| CVE-2023-37453 | 2023-07-06 | An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. |
| CVE-2023-3520 | 2023-07-06 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in it-novum/openitcockpit |
| CVE-2023-3521 | 2023-07-06 | Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling |
| CVE-2023-30640 | 2023-07-06 | Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change configuration. |
| CVE-2023-30641 | 2023-07-06 | Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's google account data. |
| CVE-2023-30642 | 2023-07-06 | Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function. |
| CVE-2023-30643 | 2023-07-06 | Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications. |
| CVE-2023-30644 | 2023-07-06 | Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. |
| CVE-2023-30645 | 2023-07-06 | Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. |
| CVE-2023-30646 | 2023-07-06 | Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. |
| CVE-2023-30647 | 2023-07-06 | Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. |
| CVE-2023-30648 | 2023-07-06 | Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD prior to SMR Jul-2023 Release 1 causes a denial of service on the system. |
| CVE-2023-30649 | 2023-07-06 | Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. |
| CVE-2023-30650 | 2023-07-06 | Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. |
| CVE-2023-30651 | 2023-07-06 | Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. |
| CVE-2023-30652 | 2023-07-06 | Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. |
| CVE-2023-30653 | 2023-07-06 | Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. |
| CVE-2023-30655 | 2023-07-06 | Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. |
| CVE-2023-30656 | 2023-07-06 | Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities. |
| CVE-2023-30657 | 2023-07-06 | Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. |
| CVE-2023-30658 | 2023-07-06 | Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. |
| CVE-2023-30659 | 2023-07-06 | Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. |
| CVE-2023-30660 | 2023-07-06 | Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. |
| CVE-2023-30661 | 2023-07-06 | Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. |
| CVE-2023-30662 | 2023-07-06 | Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. |
| CVE-2023-30663 | 2023-07-06 | Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write. |
| CVE-2023-30664 | 2023-07-06 | Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. |
| CVE-2023-30665 | 2023-07-06 | Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read. |
| CVE-2023-30666 | 2023-07-06 | Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write. |
| CVE-2023-30667 | 2023-07-06 | Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege. |
| CVE-2023-30668 | 2023-07-06 | Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-30669 | 2023-07-06 | Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-30670 | 2023-07-06 | Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-30671 | 2023-07-06 | Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application. |
| CVE-2023-30672 | 2023-07-06 | Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction. |
| CVE-2023-30673 | 2023-07-06 | Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction. |
| CVE-2023-30674 | 2023-07-06 | Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. |
| CVE-2023-30675 | 2023-07-06 | Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed. |
| CVE-2023-30676 | 2023-07-06 | Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass. |
| CVE-2023-30677 | 2023-07-06 | Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device. |
| CVE-2023-30678 | 2023-07-06 | Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file. |
| CVE-2023-26138 | 2023-07-06 | All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the... |
| CVE-2023-26137 | 2023-07-06 | All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker... |
| CVE-2023-3523 | 2023-07-06 | Out-of-bounds Read in gpac/gpac |
| CVE-2022-48508 | 2023-07-06 | Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2022-48512 | 2023-07-06 | Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally. |