CVE List - 2023 / August
Showing 2001 - 2100 of 2479 CVEs for August 2023 (Page 21 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-34040 | 2023-08-24 | Java Deserialization vulnerability in Spring-Kafka When Improperly Configured |
| CVE-2023-40371 | 2023-08-24 | IBM AIX information disclosure |
| CVE-2022-46884 | 2023-08-24 | A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash.... |
| CVE-2023-40706 | 2023-08-24 | Improper Restriction of Excessive Authentication Attempts in OPTO 22 SNAP PAC S1 Built-in Web Server |
| CVE-2023-40707 | 2023-08-24 | Weak password requirements in OPTO 22 SNAP PAC S1 Built-in Web Server |
| CVE-2023-40708 | 2023-08-24 | Improper Access Control in OPTO 22 SNAP PAC S1 |
| CVE-2023-40709 | 2023-08-24 | Uncontrolled Resource Consumption in OPTO 22 SNAP PAC S1 Built-In Web Server |
| CVE-2023-40710 | 2023-08-24 | An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled... |
| CVE-2023-34971 | 2023-08-24 | QTS, QuTS hero |
| CVE-2023-34972 | 2023-08-24 | QTS, QuTS hero and QuTScloud |
| CVE-2023-34973 | 2023-08-24 | QTS, QuTS hero |
| CVE-2023-4418 | 2023-08-24 | A remote unprivileged attacker can send multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood... |
| CVE-2023-4419 | 2023-08-24 | The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and/or disrupt the functionality of the device. |
| CVE-2023-4420 | 2023-08-24 | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the... |
| CVE-2023-31412 | 2023-08-24 | The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashes. If an attacker manages to retrieve the hash, it could lead to collision attacks and the... |
| CVE-2023-32077 | 2023-08-24 | Netmaker has Hardcoded DNS Secret Key |
| CVE-2023-32078 | 2023-08-24 | Netmaker IDOR Vulnerability Allows User to Update Other User's Password |
| CVE-2023-32079 | 2023-08-24 | Netmaker Privilege Escalation Vulnerability |
| CVE-2023-37469 | 2023-08-24 | CasaOS Command Injection vulnerability |
| CVE-2023-38508 | 2023-08-24 | Tuleap allows preview of a linked artifact with a type does not respect permissions |
| CVE-2023-39521 | 2023-08-24 | Tuleap vulnerable to Cross-site Scripting on the success message of a kanban deletion |
| CVE-2023-39519 | 2023-08-24 | CloudExplorer Lite sensitive information leakage vulnerability |
| CVE-2023-40017 | 2023-08-24 | Geonode Server Side Request Forgery vulnerability |
| CVE-2023-40022 | 2023-08-24 | Rizin vulnerable to Integer Overflow in C++ demangler logic |
| CVE-2023-4508 | 2023-08-24 | Denial of Service in Gerbv |
| CVE-2023-40030 | 2023-08-24 | Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports |
| CVE-2020-11711 | 2023-08-25 | An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from... |
| CVE-2021-27932 | 2023-08-25 | Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. |
| CVE-2023-24620 | 2023-08-25 | An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able to perform an XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in... |
| CVE-2023-24621 | 2023-08-25 | An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the... |
| CVE-2023-34723 | 2023-08-25 | An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf. |
| CVE-2023-36198 | 2023-08-25 | Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function. |
| CVE-2023-36199 | 2023-08-25 | An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component. |
| CVE-2023-37249 | 2023-08-25 | Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. |
| CVE-2023-38710 | 2023-08-25 | An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI... |
| CVE-2023-38711 | 2023-08-25 | An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes... |
| CVE-2023-38712 | 2023-08-25 | An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on... |
| CVE-2023-38973 | 2023-08-25 | A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2023-38974 | 2023-08-25 | A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2023-39287 | 2023-08-25 | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a... |
| CVE-2023-39288 | 2023-08-25 | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command... |
| CVE-2023-39289 | 2023-08-25 | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A... |
| CVE-2023-39290 | 2023-08-25 | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due... |
| CVE-2023-39291 | 2023-08-25 | A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper... |
| CVE-2023-39600 | 2023-08-25 | IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. |
| CVE-2023-39707 | 2023-08-25 | A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into... |
| CVE-2023-39742 | 2023-08-25 | giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. |
| CVE-2023-40796 | 2023-08-25 | Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call. |
| CVE-2023-40797 | 2023-08-25 | In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability. |
| CVE-2023-40798 | 2023-08-25 | In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. |
| CVE-2023-40799 | 2023-08-25 | Tenda AC23 v16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function. |
| CVE-2023-40800 | 2023-08-25 | The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. |
| CVE-2023-40801 | 2023-08-25 | The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn |
| CVE-2023-40802 | 2023-08-25 | The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn |
| CVE-2023-40915 | 2023-08-25 | Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. |
| CVE-2023-41121 | 2023-08-25 | Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations. |
| CVE-2023-41167 | 2023-08-25 | @webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source... |
| CVE-2023-41173 | 2023-08-25 | AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. |
| CVE-2023-40217 | 2023-08-25 | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client... |
| CVE-2023-40577 | 2023-08-25 | Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint |
| CVE-2023-40570 | 2023-08-25 | Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users |
| CVE-2023-40182 | 2023-08-25 | silverware-io-issue-tracker server responds in a noticeably different amount of time depending if a given email address exists or not |
| CVE-2023-40179 | 2023-08-25 | Silverware Games vulnerable to account enumeration via inconsistent responses |
| CVE-2023-40599 | 2023-08-25 | Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as... |
| CVE-2023-4520 | 2023-08-25 | The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is... |
| CVE-2023-40530 | 2023-08-25 | Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead... |
| CVE-2023-32755 | 2023-08-25 | e-Excellence U-Office Force - Error Message Leakage |
| CVE-2023-32756 | 2023-08-25 | e-Excellence U-Office Force - Path Traversal |
| CVE-2023-32757 | 2023-08-25 | e-Excellence U-Office Force - Arbitrary File Upload |
| CVE-2023-3425 | 2023-08-25 | CVE-2023-3425: Out-of-Bounds memory read |
| CVE-2023-3406 | 2023-08-25 | Path traversal issue in M-Files Classic Web |
| CVE-2023-32518 | 2023-08-25 | WordPress WP Chinese Conversion Plugin <= 1.1.16 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32576 | 2023-08-25 | WordPress Locatoraid Store Locator Plugin <= 3.9.18 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32577 | 2023-08-25 | WordPress DevBuddy Twitter Feed Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32584 | 2023-08-25 | WordPress eBecas Plugin <= 3.1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32591 | 2023-08-25 | WordPress DBargain Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4478 | 2023-08-25 | Parameter tampering in the registration resulting in blocked accounts to be created |
| CVE-2023-25649 | 2023-08-25 | OS Command Injection Vulnerability in a Mobile Internet Product of ZTE |
| CVE-2023-25981 | 2023-08-25 | WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32595 | 2023-08-25 | WordPress Sunny Search Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32596 | 2023-08-25 | WordPress weebotLite Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24394 | 2023-08-25 | WordPress iframe popup Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32575 | 2023-08-25 | WordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.25 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32598 | 2023-08-25 | WordPress Featured Image Pro Post Grid Plugin <= 5.14 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32603 | 2023-08-25 | WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32797 | 2023-08-25 | WordPress video carousel slider with lightbox Plugin <= 1.0.22 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41248 | 2023-08-25 | In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration |
| CVE-2023-41249 | 2023-08-25 | In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step |
| CVE-2023-41250 | 2023-08-25 | In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration |
| CVE-2023-4534 | 2023-08-25 | NeoMind Fusion Platform Link cross site scripting |
| CVE-2022-4452 | 2023-08-25 | Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-38201 | 2023-08-25 | Keylime: challenge-response protocol bypass during agent registration |
| CVE-2019-13690 | 2023-08-25 | Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) |
| CVE-2019-13689 | 2023-08-25 | Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) |
| CVE-2023-25848 | 2023-08-25 | BUG-000158039 - There is an information disclosure issue in ArcGIS Server. |
| CVE-2023-40579 | 2023-08-25 | OpenFGA Authorization Bypass |
| CVE-2023-40031 | 2023-08-25 | Notepad++ vulnerable to heap buffer write overflow in Utf8_16_Read::convert |
| CVE-2023-40580 | 2023-08-25 | Freighter mnemonic phrase may be accessed by Javascript through a private API |
| CVE-2023-40036 | 2023-08-25 | Notepad++ global buffer read overflow in CharDistributionAnalysis::HandleOneChar |
| CVE-2023-32678 | 2023-08-25 | Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers |