CVE List - 2023 / August
Showing 801 - 900 of 2479 CVEs for August 2023 (Page 9 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-37858 | 2023-08-09 | PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels |
| CVE-2022-47185 | 2023-08-09 | Apache Traffic Server: Invalid Range header causes a crash |
| CVE-2023-33934 | 2023-08-09 | Apache Traffic Server: Differential fuzzing for HTTP request parsing discrepancies |
| CVE-2023-38209 | 2023-08-09 | Adobe Commerce Incorrect Authorization Security feature bypass |
| CVE-2023-38208 | 2023-08-09 | Validate Your Inputs \| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) |
| CVE-2023-38207 | 2023-08-09 | Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read |
| CVE-2023-24477 | 2023-08-09 | Session Fixation in Guardian/CMC before 22.6.2 |
| CVE-2023-22378 | 2023-08-09 | Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2 |
| CVE-2023-3632 | 2023-08-09 | Hard-coded Cryptographic Key in Kunduz - Homework Helper App |
| CVE-2023-38213 | 2023-08-09 | ZDI-CAN-21094: Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-38211 | 2023-08-09 | ZDI-CAN-21078: Adobe Dimension GLB File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2023-38212 | 2023-08-09 | ZDI-CAN-21093: Adobe Dimension GLB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-23574 | 2023-08-09 | Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2 |
| CVE-2023-22843 | 2023-08-09 | Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2 |
| CVE-2023-24471 | 2023-08-09 | Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2 |
| CVE-2023-24015 | 2023-08-09 | Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 |
| CVE-2023-23903 | 2023-08-09 | DoS via SAML configuration in Guardian/CMC before 22.6.2 |
| CVE-2023-33953 | 2023-08-09 | Denial-of-Service in gRPC |
| CVE-2023-3953 | 2023-08-09 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from... |
| CVE-2023-4273 | 2023-08-09 | Kernel: exfat: stack overflow in exfat_get_uniname_from_ext_entry |
| CVE-2023-3518 | 2023-08-09 | JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access |
| CVE-2023-40012 | 2023-08-09 | uthenticode EKU validation bypass |
| CVE-2023-39969 | 2023-08-09 | uthenticode signature validation bypass vulnerability |
| CVE-2023-39531 | 2023-08-09 | Sentry vulnerable to incorrect credential validation on OAuth token requests |
| CVE-2022-48580 | 2023-08-09 | A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command.... |
| CVE-2022-48581 | 2023-08-09 | A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows... |
| CVE-2022-48582 | 2023-08-09 | A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This... |
| CVE-2022-48583 | 2023-08-09 | A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for... |
| CVE-2022-48584 | 2023-08-09 | A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This... |
| CVE-2022-48585 | 2023-08-09 | A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows... |
| CVE-2022-48586 | 2023-08-09 | A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for... |
| CVE-2022-48587 | 2023-08-09 | A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for... |
| CVE-2022-48588 | 2023-08-09 | A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows... |
| CVE-2022-48589 | 2023-08-09 | A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows... |
| CVE-2022-48590 | 2023-08-09 | A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query.... |
| CVE-2022-48591 | 2023-08-09 | A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a... |
| CVE-2022-48592 | 2023-08-09 | A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a... |
| CVE-2022-48593 | 2023-08-09 | A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows... |
| CVE-2022-48594 | 2023-08-09 | A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows... |
| CVE-2022-48595 | 2023-08-09 | A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows... |
| CVE-2022-48596 | 2023-08-09 | A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows... |
| CVE-2022-48597 | 2023-08-09 | A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows... |
| CVE-2022-48598 | 2023-08-09 | A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This... |
| CVE-2022-48599 | 2023-08-09 | A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows... |
| CVE-2022-48600 | 2023-08-09 | A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for... |
| CVE-2022-48601 | 2023-08-09 | A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows... |
| CVE-2022-48602 | 2023-08-09 | A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows... |
| CVE-2022-48603 | 2023-08-09 | A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows... |
| CVE-2022-48604 | 2023-08-09 | A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for... |
| CVE-2023-23346 | 2023-08-09 | Use of a broken cryptographic algorithm affects HCL DRYiCE MyCloud |
| CVE-2023-23347 | 2023-08-09 | Use of a broken cryptographic algorithm affects HCL DRYiCE iAutomate |
| CVE-2023-33241 | 2023-08-09 | GG18 / GG20 TSS Beta Parameter Vulnerability |
| CVE-2023-33242 | 2023-08-09 | Lindell17 TSS Abort Mishandling |
| CVE-2022-47636 | 2023-08-10 | A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user opens a .oml file (OutSystems Modeling Language), the application will load the... |
| CVE-2023-36309 | 2023-08-10 | There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0. |
| CVE-2023-36310 | 2023-08-10 | There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. |
| CVE-2023-36311 | 2023-08-10 | There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. |
| CVE-2023-36312 | 2023-08-10 | There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0. |
| CVE-2023-36313 | 2023-08-10 | PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed". |
| CVE-2023-36314 | 2023-08-10 | There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0. |
| CVE-2023-36315 | 2023-08-10 | There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0. |
| CVE-2023-37069 | 2023-08-10 | Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to... |
| CVE-2023-37543 | 2023-08-10 | Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723. |
| CVE-2023-37625 | 2023-08-10 | A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates. |
| CVE-2023-37734 | 2023-08-10 | EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow. |
| CVE-2023-38830 | 2023-08-10 | An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module. |
| CVE-2023-39776 | 2023-08-10 | A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2023-39805 | 2023-08-10 | iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. |
| CVE-2023-39806 | 2023-08-10 | iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. |
| CVE-2023-40216 | 2023-08-10 | OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or... |
| CVE-2023-40224 | 2023-08-10 | MISP 2.4.174 allows XSS in app/View/Events/index.ctp. |
| CVE-2023-40225 | 2023-08-10 | HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating... |
| CVE-2023-40235 | 2023-08-10 | An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate... |
| CVE-2023-38333 | 2023-08-10 | Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. |
| CVE-2023-30654 | 2023-08-10 | Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location. |
| CVE-2023-30679 | 2023-08-10 | Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code. |
| CVE-2023-30680 | 2023-08-10 | Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege. |
| CVE-2023-30681 | 2023-08-10 | An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write. |
| CVE-2023-30682 | 2023-08-10 | Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission. |
| CVE-2023-30683 | 2023-08-10 | Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission. |
| CVE-2023-30684 | 2023-08-10 | Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission. |
| CVE-2023-30685 | 2023-08-10 | Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to change TTY mode. |
| CVE-2023-30686 | 2023-08-10 | Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-30687 | 2023-08-10 | Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-30688 | 2023-08-10 | Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-30689 | 2023-08-10 | Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-30691 | 2023-08-10 | Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to escalate privileges. |
| CVE-2023-30693 | 2023-08-10 | Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-30694 | 2023-08-10 | Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. |
| CVE-2023-30695 | 2023-08-10 | Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023" in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy... |
| CVE-2023-30696 | 2023-08-10 | An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write. |
| CVE-2023-30697 | 2023-08-10 | An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write. |
| CVE-2023-30698 | 2023-08-10 | Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege. |
| CVE-2023-30699 | 2023-08-10 | Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers. |
| CVE-2023-30700 | 2023-08-10 | PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission. |
| CVE-2023-30701 | 2023-08-10 | PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker arbitrary file access. |
| CVE-2023-30702 | 2023-08-10 | Stack overflow vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023" in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy... |
| CVE-2023-30703 | 2023-08-10 | Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information. |
| CVE-2023-30704 | 2023-08-10 | Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker to access downloaded files in Secret Mode without user authentication. |
| CVE-2023-30705 | 2023-08-10 | Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6 allows local attackers to access privileged content providers as Galaxy Store permission. |