CVE List - 2023 / August
Showing 1601 - 1700 of 2479 CVEs for August 2023 (Page 17 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-38132 | 2023-08-18 | LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. |
| CVE-2023-38576 | 2023-08-18 | Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. |
| CVE-2023-39445 | 2023-08-18 | Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management... |
| CVE-2023-39454 | 2023-08-18 | Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code. |
| CVE-2023-39455 | 2023-08-18 | OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are... |
| CVE-2023-39944 | 2023-08-18 | OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially... |
| CVE-2023-40069 | 2023-08-18 | OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected... |
| CVE-2023-40072 | 2023-08-18 | OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. |
| CVE-2023-31094 | 2023-08-18 | WordPress Stock Sync for WooCommerce Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-31228 | 2023-08-18 | WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4407 | 2023-08-18 | Codecanyon Credit Lite POST Request account_statement sql injection |
| CVE-2023-4409 | 2023-08-18 | NBS&HappySoftWeChat unrestricted upload |
| CVE-2023-31232 | 2023-08-18 | WordPress Plugins List Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-31218 | 2023-08-18 | WordPress WOLF Plugin <= 1.0.6 is vulnerable to CSRF leading to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2023-32103 | 2023-08-18 | WordPress TP Education Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32105 | 2023-08-18 | WordPress WPPizza Plugin <= 3.17.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32106 | 2023-08-18 | WordPress WP Docs Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32107 | 2023-08-18 | WordPress Photo Gallery by Ays Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4410 | 2023-08-18 | TOTOLINK EX1200L setDiagnosisCfg os command injection |
| CVE-2023-4411 | 2023-08-18 | TOTOLINK EX1200L setTracerouteCfg os command injection |
| CVE-2023-32108 | 2023-08-18 | WordPress Albo Pretorio Online Plugin <= 4.6.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4412 | 2023-08-18 | TOTOLINK EX1200L setWanCfg os command injection |
| CVE-2023-30499 | 2023-08-18 | WordPress FV Flowplayer Video Player Plugin <= 7.5.32.7212 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32109 | 2023-08-18 | WordPress Albo Pretorio Online Plugin <= 4.6.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29387 | 2023-08-18 | WordPress Manager for Icomoon Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32130 | 2023-08-18 | WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32122 | 2023-08-18 | WordPress Spiffy Calendar Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4414 | 2023-08-18 | Byzoro Smart S85F Management Platform decodmail.php command injection |
| CVE-2023-4415 | 2023-08-18 | Ruijie RG-EW1200G login improper authentication |
| CVE-2023-4422 | 2023-08-18 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit |
| CVE-2023-20212 | 2023-08-18 | A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due... |
| CVE-2023-40175 | 2023-08-18 | Inconsistent Interpretation of HTTP Requests in puma |
| CVE-2023-40174 | 2023-08-18 | Insufficient Session Expiration in fobybus/social-media-skeleton |
| CVE-2023-40173 | 2023-08-18 | Unsalted passwords in fobybus/social-media-skeleton |
| CVE-2023-40172 | 2023-08-18 | Cross-Site Request Forgery (CSRF) in fobybus/social-media-skeleton |
| CVE-2023-40037 | 2023-08-18 | Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs |
| CVE-2023-4432 | 2023-08-19 | Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit |
| CVE-2023-4433 | 2023-08-19 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit |
| CVE-2023-2110 | 2023-08-19 | Obsidian Local File Disclosure |
| CVE-2023-2316 | 2023-08-19 | Typora Local File Disclosure |
| CVE-2023-2317 | 2023-08-19 | Typora DOM-Based Cross-site Scripting leading to Remote Code Execution |
| CVE-2023-2318 | 2023-08-19 | MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution |
| CVE-2023-2971 | 2023-08-19 | Typora Local File Disclosure |
| CVE-2022-24989 | 2023-08-20 | TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters... |
| CVE-2023-36674 | 2023-08-20 | An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka... |
| CVE-2023-37250 | 2023-08-20 | Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from... |
| CVE-2023-37369 | 2023-08-20 | In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation... |
| CVE-2023-40711 | 2023-08-20 | Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service (out-of-memory abort) via... |
| CVE-2023-4434 | 2023-08-20 | Missing Authorization in hamza417/inure |
| CVE-2023-4435 | 2023-08-20 | Improper Input Validation in hamza417/inure |
| CVE-2023-4451 | 2023-08-20 | Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit |
| CVE-2023-4436 | 2023-08-20 | SourceCodester Inventory Management System edit_update.php sql injection |
| CVE-2023-4437 | 2023-08-20 | SourceCodester Inventory Management System search_sell_paymen_report.php sql injection |
| CVE-2023-4438 | 2023-08-20 | SourceCodester Inventory Management System search_sales_report.php sql injection |
| CVE-2023-4439 | 2023-08-20 | SourceCodester Card Holder Management System Minus Value unknown vulnerability |
| CVE-2023-4440 | 2023-08-20 | SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection |
| CVE-2023-4441 | 2023-08-20 | SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection |
| CVE-2020-28715 | 2023-08-21 | An issue discovered in the kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). |
| CVE-2023-31447 | 2023-08-21 | user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert... |
| CVE-2023-38836 | 2023-08-21 | File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks. |
| CVE-2023-38899 | 2023-08-21 | SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. |
| CVE-2023-38906 | 2023-08-21 | An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker... |
| CVE-2023-38961 | 2023-08-21 | Buffer Overflow vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c. |
| CVE-2023-38976 | 2023-08-21 | An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. |
| CVE-2023-39061 | 2023-08-21 | Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code. |
| CVE-2023-39094 | 2023-08-21 | Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function. |
| CVE-2023-39106 | 2023-08-21 | An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. |
| CVE-2023-39617 | 2023-08-21 | TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. |
| CVE-2023-39618 | 2023-08-21 | TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface. |
| CVE-2023-39660 | 2023-08-21 | An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. |
| CVE-2023-39745 | 2023-08-21 | TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of... |
| CVE-2023-39747 | 2023-08-21 | TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm. |
| CVE-2023-39748 | 2023-08-21 | An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. |
| CVE-2023-39749 | 2023-08-21 | D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the component /adv_resource. This vulnerability is exploited via a crafted GET request. |
| CVE-2023-39750 | 2023-08-21 | D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. This vulnerability is exploited via a crafted POST request. |
| CVE-2023-39751 | 2023-08-21 | TP-Link TL-WR941ND V6 was discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. |
| CVE-2023-39784 | 2023-08-21 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function. |
| CVE-2023-39785 | 2023-08-21 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function. |
| CVE-2023-39786 | 2023-08-21 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function. |
| CVE-2023-39807 | 2023-08-21 | N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php. |
| CVE-2023-39808 | 2023-08-21 | N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service. |
| CVE-2023-39809 | 2023-08-21 | N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php. |
| CVE-2023-40352 | 2023-08-21 | McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. |
| CVE-2023-4442 | 2023-08-21 | SourceCodester Free Hospital Management System for Small Practices booking-complete.php sql injection |
| CVE-2023-4443 | 2023-08-21 | SourceCodester Free Hospital Management System for Small Practices edit-doc.php sql injection |
| CVE-2023-4444 | 2023-08-21 | SourceCodester Free Hospital Management System for Small Practices edit-user.php sql injection |
| CVE-2023-4445 | 2023-08-21 | Mini-Tmall sql injection |
| CVE-2023-4446 | 2023-08-21 | OpenRapid RapidCMS category.php sql injection |
| CVE-2023-4447 | 2023-08-21 | OpenRapid RapidCMS article-chat.php sql injection |
| CVE-2023-4448 | 2023-08-21 | OpenRapid RapidCMS run-movepass.php password recovery |
| CVE-2023-4449 | 2023-08-21 | SourceCodester Free and Open Source Inventory Management System sql injection |
| CVE-2023-4450 | 2023-08-21 | jeecgboot JimuReport Template injection |
| CVE-2022-46751 | 2023-08-21 | Apache Ivy: XML External Entity vulnerability in Apache Ivy |
| CVE-2023-40068 | 2023-08-21 | Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script... |
| CVE-2023-39543 | 2023-08-21 | Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary... |
| CVE-2023-39939 | 2023-08-21 | SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries... |
| CVE-2023-4453 | 2023-08-21 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore |
| CVE-2023-4454 | 2023-08-21 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag |
| CVE-2023-4455 | 2023-08-21 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag |
| CVE-2023-3481 | 2023-08-21 | XSS in Chrome Lab Critters |