CVE List - 2023 / August
Showing 1401 - 1500 of 2479 CVEs for August 2023 (Page 15 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-20564 | 2023-08-15 | |
| CVE-2023-20560 | 2023-08-15 | |
| CVE-2020-26037 | 2023-08-16 | Directory Traversal vulnerability in Server functionality in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. |
| CVE-2023-33663 | 2023-08-16 | In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue. |
| CVE-2023-38894 | 2023-08-16 | A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function. |
| CVE-2023-38904 | 2023-08-16 | A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post... |
| CVE-2023-39115 | 2023-08-16 | install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document. |
| CVE-2023-39846 | 2023-08-16 | An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token. |
| CVE-2023-39975 | 2023-08-16 | kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is... |
| CVE-2023-3958 | 2023-08-16 | The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow... |
| CVE-2023-4374 | 2023-08-16 | The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in... |
| CVE-2023-26140 | 2023-08-16 | Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization. |
| CVE-2023-39507 | 2023-08-16 | Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an... |
| CVE-2023-30786 | 2023-08-16 | WordPress Captcha Them All Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30782 | 2023-08-16 | WordPress Church Admin Plugin <= 3.7.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30785 | 2023-08-16 | WordPress Video Grid Plugin <= 1.21 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30473 | 2023-08-16 | WordPress YML for Yandex Market Plugin <= 3.10.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30784 | 2023-08-16 | WordPress Kaya QR Code Generator Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30779 | 2023-08-16 | WordPress Query Wrangler Plugin <= 1.5.51 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30871 | 2023-08-16 | WordPress Stock Exporter for WooCommerce Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4241 | 2023-08-16 | lol-html panics on certain HTML inputs |
| CVE-2023-4381 | 2023-08-16 | Unverified Password Change in instantsoft/icms2 |
| CVE-2022-4782 | 2023-08-16 | ClickFunnels <= 3.1.1 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-2122 | 2023-08-16 | Image Optimizer by 10web < 1.0.27 - Reflected Cross-Site Scripting |
| CVE-2023-0579 | 2023-08-16 | YARPP - Yet Another Related Posts Plugin < 5.30.3 - Subscriber+ SQLi |
| CVE-2023-2123 | 2023-08-16 | WP Inventory Manager < 2.1.0.13 - Reflected Cross-Site Scripting |
| CVE-2023-2271 | 2023-08-16 | Tiempo.com <= 0.1.2 - Shortcode Deletion via CSRF |
| CVE-2023-0058 | 2023-08-16 | Tiempo.com <= 0.1.2 - Stored XSS via CSRF |
| CVE-2023-2272 | 2023-08-16 | Tiempo.com <= 0.1.2 - Reflected XSS |
| CVE-2023-2225 | 2023-08-16 | SEO ALert <= 1.59 - Admin+ Stored XSS |
| CVE-2023-1110 | 2023-08-16 | Yellow Yard < 2.8.12 - Contributor+ Stored XSS |
| CVE-2023-0274 | 2023-08-16 | URL Params < 2.5 - Contributor+ Stored XSS |
| CVE-2023-1465 | 2023-08-16 | WP EasyPay < 4.1 - Reflected Cross-Site Scripting |
| CVE-2023-1977 | 2023-08-16 | Booking Manager < 2.0.29 - Subscriber+ SSRF |
| CVE-2023-2254 | 2023-08-16 | Ko-fi Button < 1.3.3 - Admin+ Stored XSS |
| CVE-2023-0551 | 2023-08-16 | REST API TO MiniProgram <= 4.6.1 - Subscriber+ Attachment Deletion |
| CVE-2023-32494 | 2023-08-16 | Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance... |
| CVE-2023-32495 | 2023-08-16 | Dell PowerScale OneFS, 8.2.x-9.5.x, contains an exposure of sensitive information to an unauthorized Actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges. |
| CVE-2023-32486 | 2023-08-16 | Dell PowerScale OneFS 9.5.x version contains a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges. |
| CVE-2023-32487 | 2023-08-16 | Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and... |
| CVE-2023-32488 | 2023-08-16 | Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. |
| CVE-2023-32489 | 2023-08-16 | Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges. |
| CVE-2023-32490 | 2023-08-16 | Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover. |
| CVE-2023-32491 | 2023-08-16 | Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low-privileged user could potentially exploit this vulnerability, leading to information disclosure. |
| CVE-2023-32492 | 2023-08-16 | Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files. |
| CVE-2023-32493 | 2023-08-16 | Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution. |
| CVE-2023-40336 | 2023-08-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. |
| CVE-2023-40337 | 2023-08-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. |
| CVE-2023-40338 | 2023-08-16 | Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no... |
| CVE-2023-40339 | 2023-08-16 | Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. |
| CVE-2023-40340 | 2023-08-16 | Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs. |
| CVE-2023-40341 | 2023-08-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. |
| CVE-2023-40342 | 2023-08-16 | Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable... |
| CVE-2023-40343 | 2023-08-16 | Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. |
| CVE-2023-40344 | 2023-08-16 | A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2023-40345 | 2023-08-16 | Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. |
| CVE-2023-40346 | 2023-08-16 | Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs. |
| CVE-2023-40347 | 2023-08-16 | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are... |
| CVE-2023-40348 | 2023-08-16 | The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output. |
| CVE-2023-40349 | 2023-08-16 | Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. |
| CVE-2023-40350 | 2023-08-16 | Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS)... |
| CVE-2023-40351 | 2023-08-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar. |
| CVE-2023-4204 | 2023-08-16 | NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability |
| CVE-2023-39250 | 2023-08-16 | Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an... |
| CVE-2023-2737 | 2023-08-16 | Improper securing of log directory may allow a denial of service |
| CVE-2023-4385 | 2023-08-16 | Kernel: jfs: null pointer dereference in dbfree() |
| CVE-2023-38737 | 2023-08-16 | IBM WebSphere Application Server Liberty denial of service |
| CVE-2023-4387 | 2023-08-16 | Kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf() |
| CVE-2023-4389 | 2023-08-16 | Kernel: btrfs: double free in btrfs_get_root_ref() |
| CVE-2023-28075 | 2023-08-16 | Dell BIOS contains a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed... |
| CVE-2023-32453 | 2023-08-16 | Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without... |
| CVE-2023-4382 | 2023-08-16 | tdevs Hyip Rio Profile Settings settings cross site scripting |
| CVE-2023-4383 | 2023-08-16 | MicroWorld eScan Anti-Virus runasroot incorrect execution-assigned permissions |
| CVE-2023-4384 | 2023-08-16 | MaximaTech Portal Executivo Cookie missing encryption |
| CVE-2022-4894 | 2023-08-16 | Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element. |
| CVE-2023-40021 | 2023-08-16 | Timing Attack Reveals CSRF Tokens in oppia |
| CVE-2023-40033 | 2023-08-16 | Server-Side Request Forgery via Avatar upload in flarum |
| CVE-2023-40034 | 2023-08-16 | Repository takeover in woodpecker-ci |
| CVE-2023-20228 | 2023-08-16 | A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of... |
| CVE-2023-20242 | 2023-08-16 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &... |
| CVE-2023-20209 | 2023-08-16 | A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application... |
| CVE-2023-20237 | 2023-08-16 | A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on... |
| CVE-2023-20221 | 2023-08-16 | A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request... |
| CVE-2023-20111 | 2023-08-16 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper... |
| CVE-2023-20017 | 2023-08-16 | Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on... |
| CVE-2023-20013 | 2023-08-16 | Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on... |
| CVE-2023-20205 | 2023-08-16 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting... |
| CVE-2023-20203 | 2023-08-16 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting... |
| CVE-2023-20201 | 2023-08-16 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting... |
| CVE-2023-20222 | 2023-08-16 | A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)... |
| CVE-2023-20217 | 2023-08-16 | A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is... |
| CVE-2023-20232 | 2023-08-16 | A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected... |
| CVE-2023-20197 | 2023-08-16 | A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on... |
| CVE-2023-20211 | 2023-08-16 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote... |
| CVE-2023-20229 | 2023-08-16 | A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks and overwrite... |
| CVE-2023-20224 | 2023-08-16 | A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected device. This... |
| CVE-2023-35893 | 2023-08-16 | IBM Security Guardium command execution |
| CVE-2023-35009 | 2023-08-16 | IBM Cognos Analytics information disclosure |
| CVE-2023-35011 | 2023-08-16 | IBM Cognos Analytics server-side request forgery |
| CVE-2023-26469 | 2023-08-17 | In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server. |