CVE List - 2023 / August
Showing 1 - 100 of 2479 CVEs for August 2023 (Page 1 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-39986 | 2023-08-01 | A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. |
| CVE-2022-39987 | 2023-08-01 | A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php. |
| CVE-2023-31710 | 2023-08-01 | TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. |
| CVE-2023-33493 | 2023-08-01 | An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload dangerous files without... |
| CVE-2023-33560 | 2023-08-01 | There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. |
| CVE-2023-33561 | 2023-08-01 | Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords. |
| CVE-2023-33562 | 2023-08-01 | User enumeration is found in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine... |
| CVE-2023-33563 | 2023-08-01 | In PHP Jabbers Time Slots Booking Calendar 3.3, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. |
| CVE-2023-33564 | 2023-08-01 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. |
| CVE-2023-34551 | 2023-08-01 | In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the... |
| CVE-2023-34634 | 2023-08-01 | Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened. |
| CVE-2023-34869 | 2023-08-01 | PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot. |
| CVE-2023-34960 | 2023-08-01 | A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. |
| CVE-2023-36118 | 2023-08-01 | Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter. |
| CVE-2023-36121 | 2023-08-01 | Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. |
| CVE-2023-36211 | 2023-08-01 | The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel. |
| CVE-2023-36351 | 2023-08-01 | An issue in Viatom Health ViHealth for Android v.2.74.58 and before allows a remote attacker to execute arbitrary code via the com.viatom.baselib.mvvm.webWebViewActivity component. |
| CVE-2023-36983 | 2023-08-01 | LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. |
| CVE-2023-36984 | 2023-08-01 | LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. |
| CVE-2023-37772 | 2023-08-01 | Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. |
| CVE-2023-38357 | 2023-08-01 | Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions. |
| CVE-2023-38990 | 2023-08-01 | An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator. |
| CVE-2023-39108 | 2023-08-01 | rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests... |
| CVE-2023-39109 | 2023-08-01 | rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests... |
| CVE-2023-39110 | 2023-08-01 | rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted... |
| CVE-2023-34552 | 2023-08-01 | In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network... |
| CVE-2023-36210 | 2023-08-01 | MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter. |
| CVE-2023-39147 | 2023-08-01 | An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. |
| CVE-2023-4033 | 2023-08-01 | OS Command Injection in mlflow/mlflow |
| CVE-2023-37496 | 2023-08-01 | HCL Verse is susceptible to a Stored Cross-Site Scripting (XSS) Vulnerability |
| CVE-2023-26139 | 2023-08-01 | Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization... |
| CVE-2023-23548 | 2023-08-01 | XSS in business intelligence |
| CVE-2023-37478 | 2023-08-01 | pnpm incorrectly parses tar archives relative to specification |
| CVE-2023-4045 | 2023-08-01 | Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox <... |
| CVE-2023-4046 | 2023-08-01 | In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the... |
| CVE-2023-4047 | 2023-08-01 | A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR... |
| CVE-2023-4048 | 2023-08-01 | An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and... |
| CVE-2023-4049 | 2023-08-01 | Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14,... |
| CVE-2023-4050 | 2023-08-01 | In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a... |
| CVE-2023-4051 | 2023-08-01 | A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox... |
| CVE-2023-4052 | 2023-08-01 | The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account.... |
| CVE-2023-4053 | 2023-08-01 | A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led... |
| CVE-2023-4054 | 2023-08-01 | When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This... |
| CVE-2023-4055 | 2023-08-01 | When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could... |
| CVE-2023-4056 | 2023-08-01 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume... |
| CVE-2023-4057 | 2023-08-01 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2023-4058 | 2023-08-01 | Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited... |
| CVE-2023-38559 | 2023-08-01 | Ghostscript: out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in dos |
| CVE-2023-38560 | 2023-08-01 | Ghostscript: integer overflow in pcl/pl/plfont.c:418 in pl_glyph_name |
| CVE-2023-20583 | 2023-08-01 | Software based Power Side Channel on AMD CPUs |
| CVE-2023-3718 | 2023-08-01 | Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface |
| CVE-2023-31429 | 2023-08-01 | Multiple commands print sensitive information in the terminal |
| CVE-2023-31425 | 2023-08-01 | Privilege escalation via the fosexec command |
| CVE-2023-31426 | 2023-08-01 | scp, sftp, ftp servers passwords in supportsave |
| CVE-2023-3107 | 2023-08-01 | Remote denial of service in IPv6 fragment reassembly |
| CVE-2023-3494 | 2023-08-01 | bhyve privileged guest escape via fwctl |
| CVE-2023-3727 | 2023-08-01 | Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-3728 | 2023-08-01 | Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-3729 | 2023-08-01 | Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit... |
| CVE-2023-3730 | 2023-08-01 | Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap... |
| CVE-2023-3731 | 2023-08-01 | Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption... |
| CVE-2023-3732 | 2023-08-01 | Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a... |
| CVE-2023-3733 | 2023-08-01 | Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.... |
| CVE-2023-3734 | 2023-08-01 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML... |
| CVE-2023-3735 | 2023-08-01 | Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-3736 | 2023-08-01 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-3737 | 2023-08-01 | Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-3738 | 2023-08-01 | Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-3739 | 2023-08-01 | Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security... |
| CVE-2023-3740 | 2023-08-01 | Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL.... |
| CVE-2023-31427 | 2023-08-01 | Knowledge of full path name |
| CVE-2023-31431 | 2023-08-01 | A buffer overflow vulnerability in “diagstatus” command |
| CVE-2023-31430 | 2023-08-01 | buffer overflow vulnerability in “secpolicydelete” command |
| CVE-2023-3385 | 2023-08-01 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab |
| CVE-2023-3364 | 2023-08-01 | Inefficient Regular Expression Complexity in GitLab |
| CVE-2023-2164 | 2023-08-01 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2023-1210 | 2023-08-01 | Generation of Error Message Containing Sensitive Information in GitLab |
| CVE-2023-0632 | 2023-08-01 | Inefficient Regular Expression Complexity in GitLab |
| CVE-2023-31428 | 2023-08-01 | CLI allows upload or transfer files of dangerous types |
| CVE-2023-31928 | 2023-08-01 | XSS vulnerability in Brocade Webtools |
| CVE-2023-31432 | 2023-08-01 | Privilege issues in multiple commands |
| CVE-2022-46484 | 2023-08-02 | Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys. |
| CVE-2022-46485 | 2023-08-02 | Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details". |
| CVE-2023-26316 | 2023-08-02 | An XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited... |
| CVE-2023-26317 | 2023-08-02 | Xiaomi router external request interface has command injection |
| CVE-2023-33257 | 2023-08-02 | Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat. |
| CVE-2023-33383 | 2023-08-02 | Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload. |
| CVE-2023-36081 | 2023-08-02 | Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard. |
| CVE-2023-38330 | 2023-08-02 | OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to... |
| CVE-2023-39113 | 2023-08-02 | ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga. |
| CVE-2023-39114 | 2023-08-02 | ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif. |
| CVE-2023-31927 | 2023-08-02 | An information disclosure in the web interface of Brocade Fabric OS |
| CVE-2023-3994 | 2023-08-02 | Inefficient Regular Expression Complexity in GitLab |
| CVE-2023-3993 | 2023-08-02 | Insertion of Sensitive Information into Log File in GitLab |
| CVE-2023-3900 | 2023-08-02 | Improper Validation of Specified Type of Input in GitLab |
| CVE-2023-3500 | 2023-08-02 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2023-31926 | 2023-08-02 | Arbitrary File Overwrite using less command |
| CVE-2022-2346 | 2023-08-02 | In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. |
| CVE-2023-4016 | 2023-08-02 | Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into... |
| CVE-2022-2416 | 2023-08-02 | In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment. |