CVE List - 2023 / August
Showing 1001 - 1100 of 2479 CVEs for August 2023 (Page 11 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-27544 | 2023-08-11 | An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py. |
| CVE-2020-28717 | 2023-08-11 | Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code. |
| CVE-2020-28840 | 2023-08-11 | Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS). |
| CVE-2020-28848 | 2023-08-11 | CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. |
| CVE-2020-28849 | 2023-08-11 | Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View... |
| CVE-2020-35139 | 2023-08-11 | An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). |
| CVE-2020-35141 | 2023-08-11 | An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). |
| CVE-2020-35990 | 2023-08-11 | Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf... |
| CVE-2020-36034 | 2023-08-11 | SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter... |
| CVE-2020-36037 | 2023-08-11 | An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php. |
| CVE-2020-36082 | 2023-08-11 | File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module. |
| CVE-2020-36136 | 2023-08-11 | SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php. |
| CVE-2020-36138 | 2023-08-11 | An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). |
| CVE-2021-25786 | 2023-08-11 | An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf. |
| CVE-2021-25856 | 2023-08-11 | An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php. |
| CVE-2021-25857 | 2023-08-11 | An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php. |
| CVE-2021-26504 | 2023-08-11 | Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js. |
| CVE-2021-26505 | 2023-08-11 | Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function. |
| CVE-2021-27523 | 2023-08-11 | An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface. |
| CVE-2021-27524 | 2023-08-11 | Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature. |
| CVE-2021-28025 | 2023-08-11 | Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). |
| CVE-2021-28411 | 2023-08-11 | An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges. |
| CVE-2021-28427 | 2023-08-11 | Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file. |
| CVE-2021-28429 | 2023-08-11 | Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. |
| CVE-2021-28835 | 2023-08-11 | Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file. |
| CVE-2021-29057 | 2023-08-11 | An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service. |
| CVE-2021-29378 | 2023-08-11 | SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php. |
| CVE-2021-3236 | 2023-08-11 | vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method. |
| CVE-2023-22955 | 2023-08-11 | An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how... |
| CVE-2023-22956 | 2023-08-11 | An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and... |
| CVE-2023-22957 | 2023-08-11 | An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files... |
| CVE-2023-40256 | 2023-08-11 | A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client... |
| CVE-2023-40260 | 2023-08-11 | EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to... |
| CVE-2020-36023 | 2023-08-11 | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. |
| CVE-2020-36024 | 2023-08-11 | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. |
| CVE-2023-40267 | 2023-08-11 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| CVE-2023-4304 | 2023-08-11 | Business Logic Errors in froxlor/froxlor |
| CVE-2023-37511 | 2023-08-11 | HCL Traveler To Do is affected by App Transport Security (ATS) settings allowing insecure loads in web content |
| CVE-2023-37513 | 2023-08-11 | HCL Traveler To Do is vulnerable to revealing sensitive information via the task switcher |
| CVE-2023-37512 | 2023-08-11 | HCL Traveler Companion is vulnerable to revealing sensitive information via the task switcher |
| CVE-2023-28736 | 2023-08-11 | Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-28938 | 2023-08-11 | Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access. |
| CVE-2022-34657 | 2023-08-11 | Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-27635 | 2023-08-11 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-46329 | 2023-08-11 | Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-40964 | 2023-08-11 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-36351 | 2023-08-11 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2022-38076 | 2023-08-11 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-36392 | 2023-08-11 | Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an... |
| CVE-2022-38102 | 2023-08-11 | Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via... |
| CVE-2022-29871 | 2023-08-11 | Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-25775 | 2023-08-11 | Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. |
| CVE-2022-43456 | 2023-08-11 | Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-24016 | 2023-08-11 | Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-41984 | 2023-08-11 | Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow a privileged user to potentially... |
| CVE-2022-38973 | 2023-08-11 | Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow an authenticated user to potentially... |
| CVE-2022-37343 | 2023-08-11 | Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-44611 | 2023-08-11 | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. |
| CVE-2022-38083 | 2023-08-11 | Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-27879 | 2023-08-11 | Improper buffer restrictions in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-43505 | 2023-08-11 | Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2023-22338 | 2023-08-11 | Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2023-22840 | 2023-08-11 | Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-25773 | 2023-08-11 | Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-25182 | 2023-08-11 | Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-40982 | 2023-08-11 | Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2023-23577 | 2023-08-11 | Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2023-22841 | 2023-08-11 | Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version... |
| CVE-2023-22276 | 2023-08-11 | Race condition in firmware for some Intel(R) Ethernet Controllers and Adapters E810 Series before version 1.7.2.4 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-23908 | 2023-08-11 | Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-41804 | 2023-08-11 | Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-27506 | 2023-08-11 | Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-28405 | 2023-08-11 | Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-25944 | 2023-08-11 | Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3nd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-45112 | 2023-08-11 | Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-27505 | 2023-08-11 | Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2023-27509 | 2023-08-11 | Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access. |
| CVE-2023-26587 | 2023-08-11 | Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-27392 | 2023-08-11 | Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2023-28385 | 2023-08-11 | Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilage via local access. |
| CVE-2023-28714 | 2023-08-11 | Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege... |
| CVE-2022-25864 | 2023-08-11 | Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-28658 | 2023-08-11 | Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-29470 | 2023-08-11 | Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-28380 | 2023-08-11 | Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access. |
| CVE-2023-27515 | 2023-08-11 | Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access. |
| CVE-2023-28711 | 2023-08-11 | Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-27391 | 2023-08-11 | Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-28823 | 2023-08-11 | Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-37336 | 2023-08-11 | Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-29494 | 2023-08-11 | Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-27887 | 2023-08-11 | Improper initialization in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2023-29500 | 2023-08-11 | Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access. |
| CVE-2022-29887 | 2023-08-11 | Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. |
| CVE-2023-25757 | 2023-08-11 | Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access. |
| CVE-2022-44612 | 2023-08-11 | Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access. |
| CVE-2023-34355 | 2023-08-11 | Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated... |
| CVE-2023-31246 | 2023-08-11 | Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-29151 | 2023-08-11 | Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-32656 | 2023-08-11 | Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local... |