CVE List - 2023 / August
Showing 1901 - 2000 of 2479 CVEs for August 2023 (Page 20 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-37440 | 2023-08-22 | Authenticated Server-Side Request Forgery (SSRF) Leading to Information Disclosure |
| CVE-2023-33850 | 2023-08-22 | IBM GSKit-Crypto information disclosure |
| CVE-2023-38734 | 2023-08-22 | IBM Robotic Process Automation privilege escalation |
| CVE-2023-38733 | 2023-08-22 | IBM Robotic Process Automation information disclosure |
| CVE-2023-40370 | 2023-08-22 | IBM Robotic Process Automation information disclosure |
| CVE-2023-4427 | 2023-08-22 | Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.... |
| CVE-2023-4428 | 2023-08-22 | Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.... |
| CVE-2023-4429 | 2023-08-22 | Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-4430 | 2023-08-22 | Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-4431 | 2023-08-22 | Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.... |
| CVE-2023-36317 | 2023-08-23 | Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL. |
| CVE-2023-41098 | 2023-08-23 | An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. |
| CVE-2023-41100 | 2023-08-23 | An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form... |
| CVE-2023-41104 | 2023-08-23 | libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact... |
| CVE-2023-41105 | 2023-08-23 | An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte.... |
| CVE-2023-38831 | 2023-08-23 | RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive... |
| CVE-2023-3495 | 2023-08-23 | Out-of-bounds Write Vulnerability in Hitachi EH-VIEW (KeypadDesigner) |
| CVE-2023-39984 | 2023-08-23 | Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability in Hitachi EH-VIEW (KeypadDesigner) |
| CVE-2023-39985 | 2023-08-23 | Out-of-bounds Write Vulnerability in Hitachi EH-VIEW (Designer) |
| CVE-2023-39986 | 2023-08-23 | Out-of-bounds Read Vulnerability in Hitachi EH-VIEW (Designer) |
| CVE-2023-4404 | 2023-08-23 | The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes... |
| CVE-2023-38585 | 2023-08-23 | Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions,... |
| CVE-2023-40158 | 2023-08-23 | Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions,... |
| CVE-2023-40144 | 2023-08-23 | OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected... |
| CVE-2023-40282 | 2023-08-23 | Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or... |
| CVE-2023-4041 | 2023-08-23 | Second Stage Gecko Bootloader GBL Parser Buffer Overrun Vulnerability |
| CVE-2023-3899 | 2023-08-23 | Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration |
| CVE-2023-4042 | 2023-08-23 | Ghostscript: incomplete fix for CVE-2020-16305 |
| CVE-2023-32119 | 2023-08-23 | WordPress WPO365 \| Mail Integration for Office 365 / Outlook Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32236 | 2023-08-23 | WordPress Booking Ultra Pro Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32496 | 2023-08-23 | WordPress StopBadBots Plugin <= 7.31 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32497 | 2023-08-23 | WordPress Block Referer Spam Plugin <= 1.1.9.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32498 | 2023-08-23 | WordPress Easy Form by AYS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32499 | 2023-08-23 | WordPress Radio Station Plugin <= 2.4.0.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28994 | 2023-08-23 | WordPress Flatsome Theme <= 3.16.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32300 | 2023-08-23 | WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32505 | 2023-08-23 | WordPress Easy Hide Login Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32509 | 2023-08-23 | WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1409 | 2023-08-23 | Certificate validation issue in MongoDB Server running on Windows or macOS |
| CVE-2023-40273 | 2023-08-23 | Session fixation in Apache Airflow web interface |
| CVE-2023-37379 | 2023-08-23 | Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature |
| CVE-2023-39441 | 2023-08-23 | Apache Airflow SMTP Provider, Apache Airflow IMAP Provider, Apache Airflow: SMTP/IMAP client components allowed MITM due to missing Certificate Validation |
| CVE-2023-20168 | 2023-08-23 | A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due... |
| CVE-2023-20169 | 2023-08-23 | A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode... |
| CVE-2023-20200 | 2023-08-23 | A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric... |
| CVE-2023-20115 | 2023-08-23 | A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or... |
| CVE-2023-20234 | 2023-08-23 | A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device,... |
| CVE-2023-20230 | 2023-08-23 | A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example,... |
| CVE-2023-40612 | 2023-08-23 | Authenticated XXE Injection Via The File Editor |
| CVE-2023-40025 | 2023-08-23 | Argo CD web terminal session doesn't expire |
| CVE-2023-40176 | 2023-08-23 | SXSS in the user profile via the timezone displayer |
| CVE-2022-3742 | 2023-08-23 | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper... |
| CVE-2022-3743 | 2023-08-23 | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate... |
| CVE-2022-3744 | 2023-08-23 | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a... |
| CVE-2022-3745 | 2023-08-23 | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from... |
| CVE-2022-3746 | 2023-08-23 | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally... |
| CVE-2023-40035 | 2023-08-23 | Craft CMS vulnerable to Remote Code Execution via validatePath bypass |
| CVE-2023-40177 | 2023-08-23 | XWiki Platform privilege escalation (PR) from account through AWM content fields |
| CVE-2023-40178 | 2023-08-23 | @node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError |
| CVE-2023-40185 | 2023-08-23 | Shescape on Windows escaping may be bypassed in threaded context |
| CVE-2023-3453 | 2023-08-23 | ETIC Telecom Insecure Default Initialization of Resource |
| CVE-2023-32202 | 2023-08-23 | Walchem Intuition Improper Authentication |
| CVE-2023-38422 | 2023-08-23 | Walchem Intuition Missing Authentication for Critical Function |
| CVE-2023-41028 | 2023-08-23 | Juplink RX4-1500 Stack-based Buffer Overflow Vulnerability |
| CVE-2023-39699 | 2023-08-24 | IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local... |
| CVE-2023-39700 | 2023-08-24 | IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. |
| CVE-2023-39801 | 2023-08-24 | A lack of exception handling in the Renault Easy Link Multimedia System Software Version 283C35519R allows attackers to cause a Denial of Service (DoS) via supplying crafted WMA files when... |
| CVE-2023-39834 | 2023-08-24 | PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. |
| CVE-2023-40874 | 2023-08-24 | DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. |
| CVE-2023-40875 | 2023-08-24 | DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters. |
| CVE-2023-40876 | 2023-08-24 | DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. |
| CVE-2023-40877 | 2023-08-24 | DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter. |
| CVE-2023-40891 | 2023-08-24 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg. |
| CVE-2023-40892 | 2023-08-24 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi. |
| CVE-2023-40893 | 2023-08-24 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. |
| CVE-2023-40894 | 2023-08-24 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg. |
| CVE-2023-40895 | 2023-08-24 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. |
| CVE-2023-40896 | 2023-08-24 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. |
| CVE-2023-40897 | 2023-08-24 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo. |
| CVE-2023-40898 | 2023-08-24 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg. |
| CVE-2023-40899 | 2023-08-24 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg. |
| CVE-2023-40900 | 2023-08-24 | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. |
| CVE-2023-40901 | 2023-08-24 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg. |
| CVE-2023-40902 | 2023-08-24 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. |
| CVE-2023-40904 | 2023-08-24 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg. |
| CVE-2023-40572 | 2023-08-24 | XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action |
| CVE-2023-32559 | 2023-08-24 | A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of the deprecated API `process.binding()` can bypass the policy... |
| CVE-2023-40573 | 2023-08-24 | XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution |
| CVE-2023-4227 | 2023-08-24 | ioLogik 4000 Series: Existence of an Unauthorized Service |
| CVE-2023-4228 | 2023-08-24 | ioLogik 4000 Series: Session Cookies Attribute Not Set Properly |
| CVE-2023-4511 | 2023-08-24 | Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark |
| CVE-2023-4512 | 2023-08-24 | Uncontrolled Recursion in Wireshark |
| CVE-2023-4513 | 2023-08-24 | Missing Release of Memory after Effective Lifetime in Wireshark |
| CVE-2023-4229 | 2023-08-24 | ioLogik 4000 Series: Session Headers Not Implemented |
| CVE-2023-3704 | 2023-08-24 | Timestamp Modification Vulnerability in CP-Plus Digital Video Recorder |
| CVE-2023-4230 | 2023-08-24 | ioLogik 4000 Series: Server Banner Information Disclosure |
| CVE-2023-3705 | 2023-08-24 | Information Disclosure Vulnerability in CP-Plus Network Video Recorder |
| CVE-2023-32510 | 2023-08-24 | WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32511 | 2023-08-24 | WordPress Booking Ultra Pro Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32516 | 2023-08-24 | WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS) |