CVE List - 2023 / August
Showing 1201 - 1300 of 2479 CVEs for August 2023 (Page 13 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-40359 | 2023-08-14 | xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm... |
| CVE-2023-40360 | 2023-08-14 | QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is... |
| CVE-2023-40453 | 2023-08-14 | Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action... |
| CVE-2023-40518 | 2023-08-14 | LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers. |
| CVE-2023-29468 | 2023-08-14 | The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame.... |
| CVE-2023-3259 | 2023-08-14 | The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct... |
| CVE-2023-3260 | 2023-08-14 | The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute... |
| CVE-2023-3261 | 2023-08-14 | The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect... |
| CVE-2023-3262 | 2023-08-14 | The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system... |
| CVE-2023-3263 | 2023-08-14 | The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation... |
| CVE-2023-3264 | 2023-08-14 | The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating... |
| CVE-2023-3265 | 2023-08-14 | An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by... |
| CVE-2023-3266 | 2023-08-14 | A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to... |
| CVE-2023-3267 | 2023-08-14 | When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System.... |
| CVE-2023-3160 | 2023-08-14 | Local privilege escalation in security products for Windows |
| CVE-2023-4321 | 2023-08-14 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit |
| CVE-2023-30483 | 2023-08-14 | WordPress Watu Quiz Plugin <= 3.3.9.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29097 | 2023-08-14 | WordPress a3 Portfolio Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30475 | 2023-08-14 | WordPress Coupon Affiliates Plugin <= 5.4.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30477 | 2023-08-14 | WordPress AFFILIATE Solution Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30489 | 2023-08-14 | WordPress Email Subscription Popup Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30754 | 2023-08-14 | WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30749 | 2023-08-14 | WordPress Optima Express + MarketBoost IDX Plugin Plugin <= 7.3.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28535 | 2023-08-14 | WordPress Paytm Payment Donation Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30751 | 2023-08-14 | WordPress Article Directory Redux Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30752 | 2023-08-14 | WordPress External Videos Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4322 | 2023-08-14 | Heap-based Buffer Overflow in radareorg/radare2 |
| CVE-2023-28768 | 2023-08-14 | Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions... |
| CVE-2023-33013 | 2023-08-14 | A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted... |
| CVE-2023-38741 | 2023-08-14 | IBM TXSeries for Multiplatforms denial of service |
| CVE-2023-0872 | 2023-08-14 | ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users |
| CVE-2023-38721 | 2023-08-14 | IBM i privilege escalation |
| CVE-2023-40311 | 2023-08-14 | Stored XSS in multiple JSP files in opennms/opennms |
| CVE-2023-40312 | 2023-08-14 | Reflected XSS in multiple JSP files in opennms/opennms |
| CVE-2023-3721 | 2023-08-14 | WP-EMail < 2.69.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-3645 | 2023-08-14 | Contact Form Builder by Bit Form < 2.2.0 - Admin+ Stored XSS |
| CVE-2023-2803 | 2023-08-14 | Ultimate Addons for Contact Form 7 < 3.1.29 - Reflected XSS |
| CVE-2022-4953 | 2023-08-14 | Elementor < 3.5.5 - Iframe Injection |
| CVE-2023-3435 | 2023-08-14 | User Activity Log < 1.6.5 - Unauthenticated SQLi |
| CVE-2023-2802 | 2023-08-14 | Ultimate Addons for Contact Form 7 < 3.1.29 - Admin+ Stored XSS |
| CVE-2023-3601 | 2023-08-14 | Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR |
| CVE-2023-3328 | 2023-08-14 | Custom Field For WP Job Manager < 1.2 - Admin+ Stored XSS |
| CVE-2023-2606 | 2023-08-14 | WP Brutal AI < 2.06 - Admin+ Stored XSS |
| CVE-2023-40024 | 2023-08-14 | Reflected Cross-Site Scripting (XSS) in scancode.io license endpoint |
| CVE-2023-40023 | 2023-08-14 | Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading |
| CVE-2023-40020 | 2023-08-14 | Improper Authentication in PrivateUploader |
| CVE-2023-40013 | 2023-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in external-svg-loader |
| CVE-2023-39950 | 2023-08-14 | Insufficient input validation in efibootguard |
| CVE-2023-38687 | 2023-08-14 | Execution of arbitrary JavaScript from Svelecte item names |
| CVE-2023-20965 | 2023-08-14 | In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege... |
| CVE-2023-21132 | 2023-08-14 | In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical... |
| CVE-2023-21133 | 2023-08-14 | In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical... |
| CVE-2023-21134 | 2023-08-14 | In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical... |
| CVE-2023-21140 | 2023-08-14 | In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical... |
| CVE-2023-21242 | 2023-08-14 | In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege... |
| CVE-2023-21264 | 2023-08-14 | In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation... |
| CVE-2023-21265 | 2023-08-14 | In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not... |
| CVE-2023-21267 | 2023-08-14 | In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local... |
| CVE-2023-21268 | 2023-08-14 | In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition... |
| CVE-2023-21269 | 2023-08-14 | In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of... |
| CVE-2023-21271 | 2023-08-14 | In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2023-21272 | 2023-08-14 | In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2023-21273 | 2023-08-14 | In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution... |
| CVE-2023-21274 | 2023-08-14 | In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-21275 | 2023-08-14 | In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege... |
| CVE-2023-21276 | 2023-08-14 | In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2023-21277 | 2023-08-14 | In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution... |
| CVE-2023-21278 | 2023-08-14 | In multiple locations, there is a possible way to obscure the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege... |
| CVE-2023-21279 | 2023-08-14 | In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2023-21280 | 2023-08-14 | In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction... |
| CVE-2023-21281 | 2023-08-14 | In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of... |
| CVE-2023-21282 | 2023-08-14 | In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2023-21283 | 2023-08-14 | In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional... |
| CVE-2023-21284 | 2023-08-14 | In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of... |
| CVE-2023-21285 | 2023-08-14 | In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution... |
| CVE-2023-21286 | 2023-08-14 | In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no... |
| CVE-2023-21287 | 2023-08-14 | In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not... |
| CVE-2023-21288 | 2023-08-14 | In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution... |
| CVE-2023-21289 | 2023-08-14 | In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution... |
| CVE-2023-21290 | 2023-08-14 | In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional... |
| CVE-2023-21292 | 2023-08-14 | In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure... |
| CVE-2023-35689 | 2023-08-14 | In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with... |
| CVE-2023-21235 | 2023-08-14 | In onCreate of LockSettingsActivity.java, there is a possible way set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation... |
| CVE-2023-21234 | 2023-08-14 | In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of... |
| CVE-2023-21233 | 2023-08-14 | In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed.... |
| CVE-2023-21232 | 2023-08-14 | In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution... |
| CVE-2023-21231 | 2023-08-14 | In getIntentForButton of ButtonManager.java, there is a possible way for an unprivileged application to start a non-exported or permission-protected activity due to a missing permission check. This could lead to... |
| CVE-2023-21230 | 2023-08-14 | In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition... |
| CVE-2023-21229 | 2023-08-14 | In registerServiceLocked of ManagedServices.java, there is a possible bypass of background activity launch restrictions due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional... |
| CVE-2023-27947 | 2023-08-14 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. |
| CVE-2022-46724 | 2023-08-14 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS... |
| CVE-2023-32358 | 2023-08-14 | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code... |
| CVE-2022-46725 | 2023-08-14 | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious... |
| CVE-2023-28179 | 2023-08-14 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted AppleScript binary may result in unexpected app termination or disclosure... |
| CVE-2022-46722 | 2023-08-14 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. |
| CVE-2022-26699 | 2023-08-14 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients. |
| CVE-2022-42828 | 2023-08-14 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-22655 | 2023-08-14 | An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak... |
| CVE-2023-28198 | 2023-08-14 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code... |
| CVE-2023-28199 | 2023-08-14 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. An app... |