CVE List - 2023 / August
Showing 1101 - 1200 of 2479 CVEs for August 2023 (Page 12 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-34427 | 2023-08-11 | Protection mechanism failure in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2023-29243 | 2023-08-11 | Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local... |
| CVE-2023-33867 | 2023-08-11 | Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2023-33877 | 2023-08-11 | Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-30760 | 2023-08-11 | Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2023-32617 | 2023-08-11 | Improper input validation in some Intel(R) NUC Rugged Kit, Intel(R) NUC Kit and Intel(R) Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via... |
| CVE-2023-34086 | 2023-08-11 | Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-22449 | 2023-08-11 | Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-36372 | 2023-08-11 | Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-34438 | 2023-08-11 | Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-22444 | 2023-08-11 | Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute Element,... |
| CVE-2023-22356 | 2023-08-11 | Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2023-22330 | 2023-08-11 | Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2023-32285 | 2023-08-11 | Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2023-34349 | 2023-08-11 | Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-32609 | 2023-08-11 | Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2023-32547 | 2023-08-11 | Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-32543 | 2023-08-11 | Incorrect default permissions in the Intel(R) ITS sofware before version 3.1 may allow authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-32663 | 2023-08-11 | Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-40253 | 2023-08-11 | Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0... |
| CVE-2023-3823 | 2023-08-11 | Security issue with external entity loading in XML without enabling it |
| CVE-2023-3824 | 2023-08-11 | Buffer overflow and overread in phar_dir_read() |
| CVE-2023-40254 | 2023-08-11 | Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects... |
| CVE-2023-4105 | 2023-08-11 | Attachment of deleted message in a thread remains accessible and downloadable |
| CVE-2023-4106 | 2023-08-11 | A guest user can perform various actions on public playbooks |
| CVE-2023-4107 | 2023-08-11 | Incorrect authorization allows a user manager to update a system admin |
| CVE-2023-4108 | 2023-08-11 | Audit logging fails to sanitize post metadata |
| CVE-2023-39553 | 2023-08-11 | Apache Airflow Drill Provider Arbitrary File Read Vulnerability |
| CVE-2023-3864 | 2023-08-11 | SQL injection vulnerability in Snow License Manager |
| CVE-2023-3937 | 2023-08-11 | Cross site scripting vulnerabilities in Snow License Manager |
| CVE-2023-39417 | 2023-08-11 | Postgresql: extension script @substitutions@ within quoting allow sql injection |
| CVE-2023-39418 | 2023-08-11 | Postgresql: merge fails to enforce update or select row security policies |
| CVE-2023-39534 | 2023-08-11 | Malformed GAP submessage triggers assertion failure |
| CVE-2023-39945 | 2023-08-11 | Malformed serialized data in a data submessage leads to unhandled exception |
| CVE-2023-32267 | 2023-08-11 | OpenText / Micro Focus ArcSight Management Center Remote Vulnerability |
| CVE-2023-39946 | 2023-08-11 | Heap overflow in push_back_helper due to a CDR message |
| CVE-2023-39947 | 2023-08-11 | Another heap overflow in push_back_helper |
| CVE-2023-39948 | 2023-08-11 | Uncaught fastcdr exception (Unexpected CDR type received) crashing fastdds |
| CVE-2023-39949 | 2023-08-11 | Improper validation of sequence numbers leading to remotely reachable assertion failure |
| CVE-2023-0871 | 2023-08-11 | An XML External Entity injection vulnerability |
| CVE-2023-3452 | 2023-08-12 | The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute... |
| CVE-2023-4293 | 2023-08-12 | The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmpp_update_profile'... |
| CVE-2023-4265 | 2023-08-12 | Buffer overflow in Zephyr USB |
| CVE-2023-23208 | 2023-08-13 | Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261. |
| CVE-2023-39388 | 2023-08-13 | Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. |
| CVE-2023-39389 | 2023-08-13 | Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. |
| CVE-2023-39392 | 2023-08-13 | Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten. |
| CVE-2023-39393 | 2023-08-13 | Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten. |
| CVE-2023-39396 | 2023-08-13 | Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-39405 | 2023-08-13 | Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges. |
| CVE-2023-39380 | 2023-08-13 | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally. |
| CVE-2023-39381 | 2023-08-13 | Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart. |
| CVE-2023-39382 | 2023-08-13 | Input verification vulnerability in the audio module. Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart. |
| CVE-2023-39383 | 2023-08-13 | Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. |
| CVE-2023-39384 | 2023-08-13 | Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-39385 | 2023-08-13 | Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access. |
| CVE-2023-39386 | 2023-08-13 | Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart. |
| CVE-2023-39387 | 2023-08-13 | Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows. |
| CVE-2023-39390 | 2023-08-13 | Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart. |
| CVE-2023-39391 | 2023-08-13 | Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2023-39394 | 2023-08-13 | Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified. |
| CVE-2023-39395 | 2023-08-13 | Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-39397 | 2023-08-13 | Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-39398 | 2023-08-13 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. |
| CVE-2023-39399 | 2023-08-13 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. |
| CVE-2023-39400 | 2023-08-13 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. |
| CVE-2023-39401 | 2023-08-13 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. |
| CVE-2023-39402 | 2023-08-13 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. |
| CVE-2023-39403 | 2023-08-13 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. |
| CVE-2023-39404 | 2023-08-13 | Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart. |
| CVE-2023-39406 | 2023-08-13 | Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart. |
| CVE-2021-46895 | 2023-08-13 | Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset... |
| CVE-2023-28480 | 2023-08-14 | An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users... |
| CVE-2023-28481 | 2023-08-14 | An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their... |
| CVE-2023-28482 | 2023-08-14 | An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the... |
| CVE-2023-28483 | 2023-08-14 | An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that... |
| CVE-2023-30186 | 2023-08-14 | A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. |
| CVE-2023-30187 | 2023-08-14 | An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. |
| CVE-2023-30188 | 2023-08-14 | Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file. |
| CVE-2023-31041 | 2023-08-14 | An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure. |
| CVE-2023-32748 | 2023-08-14 | The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access... |
| CVE-2023-37070 | 2023-08-14 | Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37847 | 2023-08-14 | novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability. |
| CVE-2023-39292 | 2023-08-14 | A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database... |
| CVE-2023-39293 | 2023-08-14 | A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of... |
| CVE-2023-39827 | 2023-08-14 | Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the formAddMacfilterRule function. |
| CVE-2023-39828 | 2023-08-14 | Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. |
| CVE-2023-39829 | 2023-08-14 | Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the wpapsk_crypto2_4g parameter in the fromSetWirelessRepeat function. |
| CVE-2023-39908 | 2023-08-14 | The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized... |
| CVE-2023-40274 | 2023-08-14 | An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by... |
| CVE-2023-40283 | 2023-08-14 | An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. |
| CVE-2023-40291 | 2023-08-14 | Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name. |
| CVE-2023-40292 | 2023-08-14 | Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets. |
| CVE-2023-40293 | 2023-08-14 | Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object. |
| CVE-2023-40294 | 2023-08-14 | libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c. |
| CVE-2023-40295 | 2023-08-14 | libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInitUtf8 at string.c. |
| CVE-2023-40296 | 2023-08-14 | async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in ReceiveFrom and Receive in udpsocket.hpp when processing malformed UDP packets. |
| CVE-2023-40303 | 2023-08-14 | GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant... |
| CVE-2023-40305 | 2023-08-14 | GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file. |
| CVE-2023-40354 | 2023-08-14 | An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext... |