CVE List - 2023 / August
Showing 2201 - 2300 of 2479 CVEs for August 2023 (Page 23 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-25089 | 2023-08-28 | glb Meetup Tag Extension Link Attribute reverse tabnabbing |
| CVE-2023-1997 | 2023-08-28 | OS Command Injection vulnerability affecting SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x |
| CVE-2023-40590 | 2023-08-28 | Untrusted search path on Windows systems leading to arbitrary code execution |
| CVE-2023-39348 | 2023-08-28 | Improper log output when using GitHub Status Notifications in spinnaker |
| CVE-2023-40170 | 2023-08-28 | cross-site inclusion (XSSI) of files in jupyter-server |
| CVE-2023-39968 | 2023-08-28 | Open Redirect Vulnerability in jupyter-server |
| CVE-2023-4569 | 2023-08-28 | Kernel: information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c |
| CVE-2020-18912 | 2023-08-29 | An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php. |
| CVE-2021-3262 | 2023-08-29 | TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the... |
| CVE-2023-38283 | 2023-08-29 | In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session.... |
| CVE-2023-38802 | 2023-08-29 | FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel... |
| CVE-2023-38971 | 2023-08-29 | Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new... |
| CVE-2023-38975 | 2023-08-29 | * Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_vectors.rs component. |
| CVE-2023-39558 | 2023-08-29 | AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component. |
| CVE-2023-39559 | 2023-08-29 | AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability. |
| CVE-2023-39616 | 2023-08-29 | AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h. |
| CVE-2023-39663 | 2023-08-29 | Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because... |
| CVE-2023-39678 | 2023-08-29 | A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via... |
| CVE-2023-40787 | 2023-08-29 | In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection. |
| CVE-2023-41153 | 2023-08-29 | A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value... |
| CVE-2023-41358 | 2023-08-29 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. |
| CVE-2023-41359 | 2023-08-29 | An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during... |
| CVE-2023-41360 | 2023-08-29 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. |
| CVE-2023-41361 | 2023-08-29 | An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. |
| CVE-2023-41362 | 2023-08-29 | MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but... |
| CVE-2023-41363 | 2023-08-29 | In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users. |
| CVE-2023-41376 | 2023-08-29 | Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes. |
| CVE-2023-39615 | 2023-08-29 | Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a... |
| CVE-2023-40889 | 2023-08-29 | A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an... |
| CVE-2023-40890 | 2023-08-29 | A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability,... |
| CVE-2023-41265 | 2023-08-29 | An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10... |
| CVE-2023-41266 | 2023-08-29 | A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and... |
| CVE-2023-1995 | 2023-08-29 | Insufficient Logging Vulnerability in HiRDB |
| CVE-2023-32457 | 2023-08-29 | Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges. |
| CVE-2023-23770 | 2023-08-29 | Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded... |
| CVE-2023-23771 | 2023-08-29 | Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded... |
| CVE-2023-23772 | 2023-08-29 | Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary... |
| CVE-2023-23773 | 2023-08-29 | Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code... |
| CVE-2023-23774 | 2023-08-29 | Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled... |
| CVE-2023-0238 | 2023-08-29 | Injecting Activity Loads in WARP Mobile Client |
| CVE-2023-0654 | 2023-08-29 | Spoofing User's Activity Loads in WARP Mobile Client (Android) |
| CVE-2021-32050 | 2023-08-29 | Some MongoDB Drivers may publish events containing authentication-related data to a command listener configured by an application |
| CVE-2023-24548 | 2023-08-29 | On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets |
| CVE-2023-3646 | 2023-08-29 | On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload. |
| CVE-2023-41037 | 2023-08-29 | Cleartext Signed Message Signature Spoofing in openpgpjs |
| CVE-2023-39522 | 2023-08-29 | Username enumeration attack in goauthentik |
| CVE-2023-34039 | 2023-08-29 | Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could... |
| CVE-2023-20890 | 2023-08-29 | Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting... |
| CVE-2023-3251 | 2023-08-29 | Pass-back vulnerability in Nessus |
| CVE-2023-3252 | 2023-08-29 | Arbitrary File Write |
| CVE-2023-3253 | 2023-08-29 | Improper authorization in Nessus |
| CVE-2023-39266 | 2023-08-29 | Unauthenticated Stored Cross-Site Scripting in ArubaOS-Switch |
| CVE-2023-39267 | 2023-08-29 | Authenticated Denial of Service Vulnerability in ArubaOS-Switch Command Line Interface |
| CVE-2023-4346 | 2023-08-29 | KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access... |
| CVE-2023-39268 | 2023-08-29 | Memory Corruption Vulnerability in ArubaOS-Switch |
| CVE-2023-4572 | 2023-08-29 | Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-32241 | 2023-08-29 | WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4611 | 2023-08-29 | Use after free race between mbind() and vma-locked page fault |
| CVE-2023-4296 | 2023-08-29 | PTC Codebeamer Cross site scripting |
| CVE-2023-31714 | 2023-08-30 | Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities. |
| CVE-2023-38970 | 2023-08-30 | Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add... |
| CVE-2023-39135 | 2023-08-30 | An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry. |
| CVE-2023-39136 | 2023-08-30 | An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file. |
| CVE-2023-39137 | 2023-08-30 | An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing. |
| CVE-2023-39138 | 2023-08-30 | An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file. |
| CVE-2023-39139 | 2023-08-30 | An issue in Archive v3.3.7 allows attackers to execute a path traversal via extracting a crafted zip file. |
| CVE-2023-40837 | 2023-08-30 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50"... |
| CVE-2023-40838 | 2023-08-30 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability. |
| CVE-2023-40839 | 2023-08-30 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C"... |
| CVE-2023-40840 | 2023-08-30 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "fromGetWirelessRepeat." |
| CVE-2023-40841 | 2023-08-30 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "add_white_node," |
| CVE-2023-40842 | 2023-08-30 | Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "R7WebsSecurityHandler." |
| CVE-2023-40843 | 2023-08-30 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "sub_73004." |
| CVE-2023-40844 | 2023-08-30 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'formWifiBasicSet.' |
| CVE-2023-40845 | 2023-08-30 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'sub_34FD0.' In the function, it reads user provided parameters and passes variables to the function without any length checks. |
| CVE-2023-40847 | 2023-08-30 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "initIpAddrInfo." In the function, it reads in a user-provided parameter, and the variable is passed to the function without... |
| CVE-2023-40848 | 2023-08-30 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "sub_7D858." |
| CVE-2023-41163 | 2023-08-30 | A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field... |
| CVE-2023-41538 | 2023-08-30 | phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter. |
| CVE-2023-41539 | 2023-08-30 | phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter. |
| CVE-2023-41552 | 2023-08-30 | Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set. |
| CVE-2023-41553 | 2023-08-30 | Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg. |
| CVE-2023-41554 | 2023-08-30 | Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet. |
| CVE-2023-41555 | 2023-08-30 | Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet. |
| CVE-2023-41556 | 2023-08-30 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind. |
| CVE-2023-41557 | 2023-08-30 | Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat. |
| CVE-2023-41558 | 2023-08-30 | Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeCfg. |
| CVE-2023-41559 | 2023-08-30 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting. |
| CVE-2023-41560 | 2023-08-30 | Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg. |
| CVE-2023-41561 | 2023-08-30 | Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg. |
| CVE-2023-41562 | 2023-08-30 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet. |
| CVE-2023-41563 | 2023-08-30 | Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo. |
| CVE-2023-41537 | 2023-08-30 | phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter. |
| CVE-2023-4597 | 2023-08-30 | The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output... |
| CVE-2023-4596 | 2023-08-30 | The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function... |
| CVE-2023-4599 | 2023-08-30 | The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in versions up to, and including, 2.1.7 due to insufficient input sanitization and output... |
| CVE-2023-4522 | 2023-08-30 | Improper Validation of Specified Type of Input in GitLab |
| CVE-2023-3136 | 2023-08-30 | The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping.... |
| CVE-2023-32740 | 2023-08-30 | WordPress Custom 404 Pro Plugin <= 3.8.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32742 | 2023-08-30 | WordPress WP SMS Plugin <= 6.1.4 is vulnerable to Cross Site Scripting (XSS) |