CVE List - 2023 / August
Showing 1801 - 1900 of 2479 CVEs for August 2023 (Page 19 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-28068 | 2023-08-22 | A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0. |
| CVE-2022-28069 | 2023-08-22 | A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0. |
| CVE-2022-28070 | 2023-08-22 | A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0. |
| CVE-2022-28071 | 2023-08-22 | A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. |
| CVE-2022-28072 | 2023-08-22 | A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0. |
| CVE-2022-28073 | 2023-08-22 | A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0. |
| CVE-2022-29654 | 2023-08-22 | Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. |
| CVE-2022-34038 | 2023-08-22 | Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability. |
| CVE-2022-35205 | 2023-08-22 | An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. |
| CVE-2022-35206 | 2023-08-22 | Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. |
| CVE-2022-36648 | 2023-08-22 | The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code... |
| CVE-2022-40090 | 2023-08-22 | An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. |
| CVE-2022-43357 | 2023-08-22 | Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass,... |
| CVE-2022-43358 | 2023-08-22 | Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). |
| CVE-2022-44215 | 2023-08-22 | There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL. |
| CVE-2022-44840 | 2023-08-22 | Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. |
| CVE-2022-45582 | 2023-08-22 | Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. |
| CVE-2022-45611 | 2023-08-22 | An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information. |
| CVE-2022-45703 | 2023-08-22 | Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. |
| CVE-2022-47007 | 2023-08-22 | An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. |
| CVE-2022-47008 | 2023-08-22 | An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. |
| CVE-2022-47010 | 2023-08-22 | An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. |
| CVE-2022-47011 | 2023-08-22 | An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. |
| CVE-2022-47022 | 2023-08-22 | An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. |
| CVE-2022-47069 | 2023-08-22 | p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. |
| CVE-2022-47673 | 2023-08-22 | An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. |
| CVE-2022-47695 | 2023-08-22 | An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. |
| CVE-2022-47696 | 2023-08-22 | An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. |
| CVE-2022-48063 | 2023-08-22 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a... |
| CVE-2022-48064 | 2023-08-22 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a... |
| CVE-2022-48065 | 2023-08-22 | GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. |
| CVE-2022-48522 | 2023-08-22 | In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. |
| CVE-2022-48538 | 2023-08-22 | In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password. |
| CVE-2022-48545 | 2023-08-22 | An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. |
| CVE-2022-48547 | 2023-08-22 | A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php. |
| CVE-2022-48554 | 2023-08-22 | File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. |
| CVE-2022-48560 | 2023-08-22 | A use-after-free exists in Python through 3.9 via heappushpop in heapq. |
| CVE-2022-48564 | 2023-08-22 | read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. |
| CVE-2022-48565 | 2023-08-22 | An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. |
| CVE-2022-48566 | 2023-08-22 | An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. |
| CVE-2022-48570 | 2023-08-22 | Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned.... |
| CVE-2022-48571 | 2023-08-22 | memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP. |
| CVE-2023-23563 | 2023-08-22 | An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection. |
| CVE-2023-23564 | 2023-08-22 | An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands. |
| CVE-2023-23565 | 2023-08-22 | An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion. |
| CVE-2023-34853 | 2023-08-22 | Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable. |
| CVE-2023-36281 | 2023-08-22 | An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template. |
| CVE-2023-38665 | 2023-08-22 | Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). |
| CVE-2023-38666 | 2023-08-22 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt. |
| CVE-2023-38667 | 2023-08-22 | Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service. |
| CVE-2023-38668 | 2023-08-22 | Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash). |
| CVE-2023-38908 | 2023-08-22 | An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain... |
| CVE-2023-38909 | 2023-08-22 | An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain... |
| CVE-2023-38996 | 2023-08-22 | An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command. |
| CVE-2023-39026 | 2023-08-22 | Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. |
| CVE-2023-39141 | 2023-08-22 | webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. |
| CVE-2023-39599 | 2023-08-22 | Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. |
| CVE-2020-21427 | 2023-08-22 | Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. |
| CVE-2020-21428 | 2023-08-22 | Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. |
| CVE-2020-21896 | 2023-08-22 | A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF... |
| CVE-2020-22524 | 2023-08-22 | Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file. |
| CVE-2021-34193 | 2023-08-22 | Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs. |
| CVE-2021-46310 | 2023-08-22 | An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero. |
| CVE-2021-46312 | 2023-08-22 | An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero. |
| CVE-2022-37050 | 2023-08-22 | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in... |
| CVE-2022-37051 | 2023-08-22 | An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving... |
| CVE-2022-37052 | 2023-08-22 | A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. |
| CVE-2022-38349 | 2023-08-22 | An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving... |
| CVE-2022-41444 | 2023-08-22 | Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php. |
| CVE-2022-48174 | 2023-08-22 | There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. |
| CVE-2022-48541 | 2023-08-22 | A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command. |
| CVE-2023-3699 | 2023-08-22 | An Improper Privilege Management vulnerability was found on the ADM |
| CVE-2023-4475 | 2023-08-22 | An Arbitrary File Movement vulnerability was found on the ADM |
| CVE-2023-24515 | 2023-08-22 | Server side request forgery in api checker |
| CVE-2023-24514 | 2023-08-22 | Stored Cross Site Scripting Vulnerability in Visual Console Module |
| CVE-2023-24516 | 2023-08-22 | Stored Cross Site Scripting - Special Days Module |
| CVE-2023-24517 | 2023-08-22 | Remote Code Execution via Unrestricted File Upload |
| CVE-2023-38732 | 2023-08-22 | IBM Robotic Process Automation information disclosure |
| CVE-2022-44730 | 2023-08-22 | Apache XML Graphics Batik: Information disclosure vulnerability |
| CVE-2022-44729 | 2023-08-22 | Apache XML Graphics Batik: Information disclosure vulnerability |
| CVE-2023-4212 | 2023-08-22 | Trane Thermostats Injection |
| CVE-2023-37421 | 2023-08-22 | Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface |
| CVE-2023-37422 | 2023-08-22 | Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface |
| CVE-2023-37423 | 2023-08-22 | Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface |
| CVE-2023-37424 | 2023-08-22 | Unauthenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface |
| CVE-2023-37425 | 2023-08-22 | Unauthenticated Stored Cross-Site Scripting Vulnerability (XSS) in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface |
| CVE-2023-37426 | 2023-08-22 | Shared SSH Static Host Keys in EdgeConnect SD-WAN Orchestrator |
| CVE-2023-37427 | 2023-08-22 | Authenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface |
| CVE-2023-37428 | 2023-08-22 | Authenticated Remote Code Execution via Path Traversal in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface |
| CVE-2023-37429 | 2023-08-22 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface |
| CVE-2023-37430 | 2023-08-22 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface |
| CVE-2023-37431 | 2023-08-22 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface |
| CVE-2023-37432 | 2023-08-22 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface |
| CVE-2023-37433 | 2023-08-22 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface |
| CVE-2023-37434 | 2023-08-22 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface |
| CVE-2023-37435 | 2023-08-22 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface |
| CVE-2023-37436 | 2023-08-22 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface |
| CVE-2023-37437 | 2023-08-22 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface |
| CVE-2023-37438 | 2023-08-22 | Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface |
| CVE-2023-37439 | 2023-08-22 | Reflected Cross Site Scripting in EdgeConnect SD-WAN Orchestrator Web Management Interface |