CVE List - 2023 / August
Showing 2101 - 2200 of 2479 CVEs for August 2023 (Page 22 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-40164 | 2023-08-25 | Notepad++ global buffer read overflow in nsCodingStateMachine::NextState |
| CVE-2023-40166 | 2023-08-25 | Notepad++ heap buffer read overflow in FileManager::detectLanguageFromTextBegining |
| CVE-2023-40583 | 2023-08-25 | libp2p nodes vulnerable to OOM attack |
| CVE-2023-40571 | 2023-08-25 | weblogic-framework Deserialization of Untrusted Data vulnerability |
| CVE-2023-40585 | 2023-08-25 | Unauthenticated access to Ironic API |
| CVE-2023-40586 | 2023-08-25 | go package github.com/corazawaf/coraza is vulnerable to denial of service |
| CVE-2023-41080 | 2023-08-25 | Apache Tomcat: Open redirect with FORM authentication |
| CVE-2023-2906 | 2023-08-25 | Wireshark CP2179 divide by zero |
| CVE-2023-40587 | 2023-08-25 | Pyramid static view path traversal up one directory |
| CVE-2023-4542 | 2023-08-25 | D-Link DAR-8000-10 sys1.php os command injection |
| CVE-2023-4543 | 2023-08-25 | IBOS OA export&contactids=x sql injection |
| CVE-2023-36741 | 2023-08-26 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-4544 | 2023-08-26 | Byzoro Smart S85F Management Platform php.ini direct request |
| CVE-2023-4545 | 2023-08-26 | IBOS OA export&checkids=x sql injection |
| CVE-2023-4546 | 2023-08-26 | Byzoro Smart S85F Management Platform licence.php access control |
| CVE-2023-4547 | 2023-08-26 | SPA-Cart eCommerce CMS search cross site scripting |
| CVE-2023-4548 | 2023-08-26 | SPA-Cart eCommerce CMS GET Parameter search sql injection |
| CVE-2023-4555 | 2023-08-27 | SourceCodester Inventory Management System suppliar_data.php cross site scripting |
| CVE-2023-4556 | 2023-08-27 | SourceCodester Online Graduate Tracer System sexit.php mysqli_query sql injection |
| CVE-2023-4557 | 2023-08-27 | SourceCodester Inventory Management System search_purchase_paymen_report.php sql injection |
| CVE-2023-38730 | 2023-08-27 | IBM Spectrum Copy Data Management information disclosure |
| CVE-2023-30435 | 2023-08-27 | IBM Security Guardium cross-site scripting |
| CVE-2023-30436 | 2023-08-27 | IBM Security Guardium cross-site scripting |
| CVE-2023-30437 | 2023-08-27 | IBM Security Guardium information disclosure |
| CVE-2023-4558 | 2023-08-27 | SourceCodester Inventory Management System staff_data.php sql injection |
| CVE-2023-4559 | 2023-08-27 | Bettershop LaikeTui POST Request unrestricted upload |
| CVE-2022-43907 | 2023-08-27 | IBM Security Guardium command execution |
| CVE-2022-43909 | 2023-08-27 | IBM Security Guardium cross-site scripting |
| CVE-2023-33852 | 2023-08-27 | IBM Security Guardium SQL injection |
| CVE-2022-43904 | 2023-08-27 | IBM Security Guardium information disclosure |
| CVE-2020-24165 | 2023-08-28 | An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed... |
| CVE-2020-27366 | 2023-08-28 | Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code. |
| CVE-2022-46783 | 2023-08-28 | An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book. |
| CVE-2023-26095 | 2023-08-28 | ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet. |
| CVE-2023-34724 | 2023-08-28 | An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface. |
| CVE-2023-34725 | 2023-08-28 | An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection. |
| CVE-2023-34758 | 2023-08-28 | Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses. |
| CVE-2023-35785 | 2023-08-28 | Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud... |
| CVE-2023-36481 | 2023-08-28 | An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP... |
| CVE-2023-38969 | 2023-08-28 | Cross Site Scripting vulnerability in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book... |
| CVE-2023-39059 | 2023-08-28 | An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. |
| CVE-2023-39062 | 2023-08-28 | Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php. |
| CVE-2023-39560 | 2023-08-28 | ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php. |
| CVE-2023-39562 | 2023-08-28 | GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file. |
| CVE-2023-39578 | 2023-08-28 | A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2023-39650 | 2023-08-28 | Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single. |
| CVE-2023-39652 | 2023-08-28 | theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run(). |
| CVE-2023-39708 | 2023-08-28 | A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into... |
| CVE-2023-39709 | 2023-08-28 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the... |
| CVE-2023-40748 | 2023-08-28 | PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the "q" parameter of index.php. |
| CVE-2023-40749 | 2023-08-28 | PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php. |
| CVE-2023-40750 | 2023-08-28 | There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0. |
| CVE-2023-40751 | 2023-08-28 | PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php. |
| CVE-2023-40752 | 2023-08-28 | There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0. |
| CVE-2023-40753 | 2023-08-28 | There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2. |
| CVE-2023-40754 | 2023-08-28 | In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. |
| CVE-2023-40755 | 2023-08-28 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. |
| CVE-2023-40756 | 2023-08-28 | User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is... |
| CVE-2023-40757 | 2023-08-28 | User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user... |
| CVE-2023-40758 | 2023-08-28 | User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is... |
| CVE-2023-40759 | 2023-08-28 | User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the... |
| CVE-2023-40760 | 2023-08-28 | User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the... |
| CVE-2023-40761 | 2023-08-28 | User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user... |
| CVE-2023-40762 | 2023-08-28 | User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is... |
| CVE-2023-40763 | 2023-08-28 | User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user... |
| CVE-2023-40764 | 2023-08-28 | User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the... |
| CVE-2023-40765 | 2023-08-28 | User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user... |
| CVE-2023-40766 | 2023-08-28 | User enumeration is found in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the... |
| CVE-2023-40767 | 2023-08-28 | User enumeration is found in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if... |
| CVE-2023-40781 | 2023-08-28 | Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function. |
| CVE-2023-40825 | 2023-08-28 | An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list. |
| CVE-2023-40826 | 2023-08-28 | An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter. |
| CVE-2023-40827 | 2023-08-28 | An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. |
| CVE-2023-40828 | 2023-08-28 | An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function. |
| CVE-2023-40846 | 2023-08-28 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998. |
| CVE-2023-40857 | 2023-08-28 | Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbitrary code via the yr_execute_cod function in the exe.c component. |
| CVE-2023-40997 | 2023-08-28 | Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet. |
| CVE-2023-40998 | 2023-08-28 | Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component. |
| CVE-2023-41005 | 2023-08-28 | An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php |
| CVE-2023-41109 | 2023-08-28 | SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection. |
| CVE-2023-39810 | 2023-08-28 | An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. |
| CVE-2023-4561 | 2023-08-28 | Cross-site Scripting (XSS) - Stored in omeka/omeka-s |
| CVE-2023-4560 | 2023-08-28 | Improper Authorization of Index Containing Sensitive Information in omeka/omeka-s |
| CVE-2023-26272 | 2023-08-28 | IBM Security Guardium Data Encryption information disclosure |
| CVE-2023-26271 | 2023-08-28 | IBM Security Guardium Data Encryption information disclosure |
| CVE-2023-26270 | 2023-08-28 | IBM Security Guardium Data Encryption code execution |
| CVE-2023-22877 | 2023-08-28 | IBM InfoSphere Information Server CSV injection |
| CVE-2023-23473 | 2023-08-28 | IBM InfoSphere Information Server cross-site request forgery |
| CVE-2023-24959 | 2023-08-28 | IBM InfoSphere Information Server information disclosure |
| CVE-2023-38024 | 2023-08-28 | SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -1 |
| CVE-2023-38025 | 2023-08-28 | SpotCam Co., Ltd. SpotCamFHD - Command Injection -1 |
| CVE-2023-38026 | 2023-08-28 | SpotCam Co., Ltd. SpotCamFHD - Use of Hard-coded Cryptographic Key -2 |
| CVE-2016-15035 | 2023-08-28 | Doc2k RE-Chat re_chat.js cross site scripting |
| CVE-2023-38027 | 2023-08-28 | SpotCam Co., Ltd. SpotCam Sense - Command Injection |
| CVE-2023-38028 | 2023-08-28 | Saho ADM100&ADM-100FP - Broken Access Control |
| CVE-2023-38029 | 2023-08-28 | Saho ADM100&ADM-100FP - Arbitrary File Upload |
| CVE-2023-38030 | 2023-08-28 | Saho ADM100&ADM-100FP - Execute Code |
| CVE-2023-27604 | 2023-08-28 | Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability |
| CVE-2023-40195 | 2023-08-28 | Apache Airflow Spark Provider Deserialization Vulnerability RCE |
| CVE-2017-20186 | 2023-08-28 | nikooo777 ckSurf Spectator List Name misc.sp SpecListMenuDead denial of service |