CVE List - 2023 / August

Showing 701 - 800 of 2479 CVEs for August 2023 (Page 8 of 25)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-38188 | 2023-08-08 | Azure Apache Hadoop Spoofing Vulnerability |
| CVE-2023-38186 | 2023-08-08 | Windows Mobile Device Management Elevation of Privilege Vulnerability |
| CVE-2023-38185 | 2023-08-08 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-38184 | 2023-08-08 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2023-38175 | 2023-08-08 | Microsoft Windows Defender Elevation of Privilege Vulnerability |
| CVE-2023-38172 | 2023-08-08 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2023-38170 | 2023-08-08 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2023-38169 | 2023-08-08 | Microsoft SQL OLE DB Remote Code Execution Vulnerability |
| CVE-2023-38167 | 2023-08-08 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability |
| CVE-2023-21709 | 2023-08-08 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2023-35371 | 2023-08-08 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2023-35372 | 2023-08-08 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2023-36877 | 2023-08-08 | Azure Apache Oozie Spoofing Vulnerability |
| CVE-2023-36881 | 2023-08-08 | Azure Apache Ambari Spoofing Vulnerability |
| CVE-2023-36890 | 2023-08-08 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| CVE-2023-36891 | 2023-08-08 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2023-36892 | 2023-08-08 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2023-36893 | 2023-08-08 | Microsoft Outlook Spoofing Vulnerability |
| CVE-2023-36894 | 2023-08-08 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| CVE-2023-36895 | 2023-08-08 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2023-36896 | 2023-08-08 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2023-36897 | 2023-08-08 | Visual Studio Tools for Office Runtime Spoofing Vulnerability |
| CVE-2023-35388 | 2023-08-08 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-35390 | 2023-08-08 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-38182 | 2023-08-08 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-38181 | 2023-08-08 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2023-38178 | 2023-08-08 | .NET Core and Visual Studio Denial of Service Vulnerability |
| CVE-2023-38176 | 2023-08-08 | Azure Arc-Enabled Servers Elevation of Privilege Vulnerability |
| CVE-2023-38154 | 2023-08-08 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-20562 | 2023-08-08 | |
| CVE-2023-20556 | 2023-08-08 | |
| CVE-2023-20561 | 2023-08-08 | |
| CVE-2023-36541 | 2023-08-08 | Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access. |
| CVE-2023-36532 | 2023-08-08 | Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. |
| CVE-2023-39342 | 2023-08-08 | Dangerzone CLI does not sanitize ANSI escape characters |
| CVE-2023-36533 | 2023-08-08 | Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access. |
| CVE-2023-36534 | 2023-08-08 | Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. |
| CVE-2023-36535 | 2023-08-08 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. |
| CVE-2023-39216 | 2023-08-08 | Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. |
| CVE-2023-39217 | 2023-08-08 | Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access. |
| CVE-2023-39218 | 2023-08-08 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. |
| CVE-2023-39518 | 2023-08-08 | social-media-skeleton stored Cross-site Scripting vulnerability |
| CVE-2023-36873 | 2023-08-08 | .NET Framework Spoofing Vulnerability |
| CVE-2023-36899 | 2023-08-08 | ASP.NET Elevation of Privilege Vulnerability |
| CVE-2023-39533 | 2023-08-08 | libp2p nodes vulnerable to attack using large RSA keys |
| CVE-2023-35391 | 2023-08-08 | ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability |
| CVE-2023-38180 | 2023-08-08 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2023-39951 | 2023-08-08 | Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend |
| CVE-2023-39210 | 2023-08-08 | Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. |
| CVE-2023-39211 | 2023-08-08 | Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. |
| CVE-2023-39212 | 2023-08-08 | Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. |
| CVE-2023-39213 | 2023-08-08 | Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network... |
| CVE-2023-39214 | 2023-08-08 | Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access. |
| CVE-2023-39209 | 2023-08-08 | Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. |
| CVE-2023-31452 | 2023-08-09 | A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided... |
| CVE-2023-32781 | 2023-08-09 | A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write... |
| CVE-2023-32782 | 2023-08-09 | A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write... |
| CVE-2023-33468 | 2023-08-09 | KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the... |
| CVE-2023-33469 | 2023-08-09 | In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be... |
| CVE-2023-34545 | 2023-08-09 | A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. |
| CVE-2023-35838 | 2023-08-09 | The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an... |
| CVE-2023-36671 | 2023-08-09 | An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's... |
| CVE-2023-36672 | 2023-08-09 | An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent... |
| CVE-2023-36673 | 2023-08-09 | An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP... |
| CVE-2023-37068 | 2023-08-09 | Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to... |
| CVE-2023-38347 | 2023-08-09 | An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox. |
| CVE-2023-38348 | 2023-08-09 | A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1. |
| CVE-2023-38997 | 2023-08-09 | A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via... |
| CVE-2023-38998 | 2023-08-09 | An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site... |
| CVE-2023-38999 | 2023-08-09 | A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service... |
| CVE-2023-39000 | 2023-08-09 | A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL... |
| CVE-2023-39001 | 2023-08-09 | A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration... |
| CVE-2023-39002 | 2023-08-09 | A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or... |
| CVE-2023-39003 | 2023-08-09 | OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. |
| CVE-2023-39004 | 2023-08-09 | Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could... |
| CVE-2023-39005 | 2023-08-09 | Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. |
| CVE-2023-39006 | 2023-08-09 | The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization. |
| CVE-2023-39007 | 2023-08-09 | /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. |
| CVE-2023-39008 | 2023-08-09 | A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. |
| CVE-2023-39910 | 2023-08-09 | The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the... |
| CVE-2023-31448 | 2023-08-09 | A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving... |
| CVE-2023-31449 | 2023-08-09 | A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor... |
| CVE-2023-31450 | 2023-08-09 | A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the SQL v2 sensors... |
| CVE-2023-4239 | 2023-08-09 | The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it... |
| CVE-2023-39341 | 2023-08-09 | "FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows:... |
| CVE-2023-38751 | 2023-08-09 | Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver... |
| CVE-2023-38752 | 2023-08-09 | Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that... |
| CVE-2023-4243 | 2023-08-09 | The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This... |
| CVE-2023-4242 | 2023-08-09 | The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows... |
| CVE-2023-2905 | 2023-08-09 | Cesanta Mongoose MQTT Message Parsing Heap Overflow |
| CVE-2023-26310 | 2023-08-09 | Command Injection In OPPO Service |
| CVE-2023-37861 | 2023-08-09 | PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels |
| CVE-2023-37860 | 2023-08-09 | PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels |
| CVE-2023-37862 | 2023-08-09 | PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels |
| CVE-2023-37864 | 2023-08-09 | PHOENIX CONTACT: WP 6xxx Web panels prone to download code without integrity check |
| CVE-2023-37859 | 2023-08-09 | PHOENIX CONTACT: Improper Privilege Management in WP 6xxx Web panels |
| CVE-2023-37863 | 2023-08-09 | PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels |
| CVE-2023-37856 | 2023-08-09 | PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels |
| CVE-2023-37855 | 2023-08-09 | PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels |
| CVE-2023-37857 | 2023-08-09 | PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels |