CVE List - 2023 / August
Showing 2401 - 2479 of 2479 CVEs for August 2023 (Page 25 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-3162 | 2023-08-31 | The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user... |
| CVE-2023-2353 | 2023-08-31 | The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chp_abd_action function in versions up... |
| CVE-2023-2172 | 2023-08-31 | The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the... |
| CVE-2023-2174 | 2023-08-31 | The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1.6. This... |
| CVE-2023-4315 | 2023-08-31 | The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-Site Scripting via the wcemails_edit parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output... |
| CVE-2023-3636 | 2023-08-31 | The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it... |
| CVE-2023-4160 | 2023-08-31 | The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input sanitization and... |
| CVE-2023-3404 | 2023-08-31 | The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded... |
| CVE-2023-2354 | 2023-08-31 | The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable through an AJAX action in versions up to, and including, 3.9.4 due... |
| CVE-2023-2171 | 2023-08-31 | The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output escaping... |
| CVE-2023-4000 | 2023-08-31 | The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on... |
| CVE-2023-4500 | 2023-08-31 | The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the order status parameter in versions up to, and including, 3.3.6 due to insufficient input sanitization... |
| CVE-2023-2279 | 2023-08-31 | The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on... |
| CVE-2023-2188 | 2023-08-31 | The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied... |
| CVE-2023-2352 | 2023-08-31 | The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation... |
| CVE-2023-2173 | 2023-08-31 | The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the... |
| CVE-2023-3764 | 2023-08-31 | The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation... |
| CVE-2023-4471 | 2023-08-31 | The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the start_date and end_date parameters in versions up to, and including, 3.3.6 due to insufficient input... |
| CVE-2023-41738 | 2023-08-31 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to... |
| CVE-2023-41739 | 2023-08-31 | Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. |
| CVE-2023-41740 | 2023-08-31 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via... |
| CVE-2023-41741 | 2023-08-31 | Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2023-20900 | 2023-08-31 | A malicious actor that has been granted [Guest Operation Privileges](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been... |
| CVE-2023-33833 | 2023-08-31 | IBM Security Verify Information Queue information disclosure |
| CVE-2023-33834 | 2023-08-31 | IBM Security Verify Information Queue information disclosure |
| CVE-2023-33835 | 2023-08-31 | IBM Security Verify Information Queue information disclosure |
| CVE-2023-28801 | 2023-08-31 | Improper SAML signature verification |
| CVE-2023-41742 | 2023-08-31 | Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS,... |
| CVE-2022-45451 | 2023-08-31 | Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600,... |
| CVE-2022-46868 | 2023-08-31 | Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173. |
| CVE-2023-41743 | 2023-08-31 | Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637,... |
| CVE-2023-41744 | 2023-08-31 | Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979. |
| CVE-2023-31167 | 2023-08-31 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CVE-2023-31168 | 2023-08-31 | Inclusion of Functionality from Untrusted Control Sphere |
| CVE-2023-31169 | 2023-08-31 | Improper Handling of Unicode Encoding |
| CVE-2023-31170 | 2023-08-31 | Inclusion of Functionality from Untrusted Control Sphere |
| CVE-2023-31171 | 2023-08-31 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| CVE-2023-31172 | 2023-08-31 | Incomplete Filtering of Special Elements |
| CVE-2023-31173 | 2023-08-31 | Use of Hard-coded Credentials |
| CVE-2023-31174 | 2023-08-31 | Cross-Site Request Forgery (CSRF) |
| CVE-2023-31175 | 2023-08-31 | Execution with Unnecessary Privileges |
| CVE-2023-34391 | 2023-08-31 | Insecure Inherited Permissions |
| CVE-2023-34392 | 2023-08-31 | Missing Authentication for Critical Function |
| CVE-2023-4678 | 2023-08-31 | Divide By Zero in gpac/gpac |
| CVE-2023-4681 | 2023-08-31 | NULL Pointer Dereference in gpac/gpac |
| CVE-2023-4682 | 2023-08-31 | Heap-based Buffer Overflow in gpac/gpac |
| CVE-2023-4683 | 2023-08-31 | NULL Pointer Dereference in gpac/gpac |
| CVE-2023-41034 | 2023-08-31 | DDFFileParser in eclipse leshan is vulnerable to XXE Attacks |
| CVE-2023-41044 | 2023-08-31 | Partial path traversal vulnerability in Support Bundle feature of Graylog |
| CVE-2023-41745 | 2023-08-31 | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows)... |
| CVE-2023-41746 | 2023-08-31 | Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. |
| CVE-2023-41747 | 2023-08-31 | Sensitive information disclosure due to unauthenticated path traversal. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. |
| CVE-2023-41748 | 2023-08-31 | Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. |
| CVE-2023-41045 | 2023-08-31 | Insecure source port usage for DNS queries in Graylog |
| CVE-2023-40589 | 2023-08-31 | FreeRDP Global-Buffer-Overflow in ncrush_decompress |
| CVE-2022-46869 | 2023-08-31 | Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278. |
| CVE-2023-39350 | 2023-08-31 | Incorrect offset calculation leading to denial of service in FreeRDP |
| CVE-2023-39354 | 2023-08-31 | FreeRDP Out-Of-Bounds Read in nsc_rle_decompress_data |
| CVE-2023-39355 | 2023-08-31 | FreeRDP Use-After-Free in RDPGFX_CMDID_RESETGRAPHICS |
| CVE-2023-39351 | 2023-08-31 | FreeRDP Null Pointer Dereference leading to denial of service |
| CVE-2023-39353 | 2023-08-31 | Missing offset validation leading to Out Of Bound Read in FreeRDP |
| CVE-2023-41749 | 2023-08-31 | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979. |
| CVE-2023-41750 | 2023-08-31 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047. |
| CVE-2023-41751 | 2023-08-31 | Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047. |
| CVE-2023-4688 | 2023-08-31 | Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433. |
| CVE-2023-4299 | 2023-08-31 | Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication |
| CVE-2023-39352 | 2023-08-31 | Invalid offset validation leading to Out Of Bound Write in FreeRDP |
| CVE-2023-39356 | 2023-08-31 | Missing offset validation leading to Out-of-Bounds Read in FreeRDP |
| CVE-2023-40181 | 2023-08-31 | Integer-Underflow leading to Out-Of-Bound Read in FreeRDP |
| CVE-2023-40186 | 2023-08-31 | Integer Overflow leading to Out-Of-Bound Write Vulnerability in FreeRDP |
| CVE-2023-40187 | 2023-08-31 | Use-After-Free in FreeRDP |
| CVE-2023-40188 | 2023-08-31 | Out-Of-Bounds Read in FreeRDP |
| CVE-2023-40575 | 2023-08-31 | Out-Of-Bounds Read in FreeRDP |
| CVE-2023-40576 | 2023-08-31 | Out-Of-Bounds Read in FreeRDP |
| CVE-2023-40574 | 2023-08-31 | Out-Of-Bounds Write in FreeRDP |
| CVE-2023-40569 | 2023-08-31 | Out-Of-Bounds Write in FreeRDP |
| CVE-2023-40567 | 2023-08-31 | Out-Of-Bounds Write in FreeRDP |
| CVE-2023-4481 | 2023-08-31 | Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481) |
| CVE-2020-22612 | 2023-09-01 | Installer RCE on settings file write in MyBB before 1.8.22. |
| CVE-2022-44349 | 2023-09-01 | NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-46527 | 2023-09-01 | ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser. |
| CVE-2023-24674 | 2023-09-01 | Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter. |
| CVE-2023-24675 | 2023-09-01 | Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL. |
| CVE-2023-36076 | 2023-09-01 | SQL Injection vulnerability in smanga version 3.1.9 and earlier allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php. |
| CVE-2023-36088 | 2023-09-01 | Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0 allows remote attackers to gain sensitive information. |
| CVE-2023-36100 | 2023-09-01 | An issue discovered in IceCMS version 2.0.1 allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser. |
| CVE-2023-36187 | 2023-09-01 | Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118 allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. |
| CVE-2023-36326 | 2023-09-01 | Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function. |
| CVE-2023-36327 | 2023-09-01 | Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function. |
| CVE-2023-37826 | 2023-09-01 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-37827 | 2023-09-01 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-37828 | 2023-09-01 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-37829 | 2023-09-01 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-37830 | 2023-09-01 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-39582 | 2023-09-01 | SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions. |
| CVE-2023-39631 | 2023-09-01 | An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. |
| CVE-2023-39685 | 2023-09-01 | An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string. |
| CVE-2023-39703 | 2023-09-01 | A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file. |
| CVE-2023-39710 | 2023-09-01 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the... |
| CVE-2023-39714 | 2023-09-01 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the... |