CVE List - 2023 / August
Showing 201 - 300 of 2479 CVEs for August 2023 (Page 3 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-4077 | 2023-08-03 | Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a... |
| CVE-2023-4078 | 2023-08-03 | Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged... |
| CVE-2023-4110 | 2023-08-03 | PHP Jabbers Availability Booking Calendar index.php cross site scripting |
| CVE-2023-4124 | 2023-08-03 | Missing Authorization in answerdev/answer |
| CVE-2023-4125 | 2023-08-03 | Weak Password Requirements in answerdev/answer |
| CVE-2023-4126 | 2023-08-03 | Insufficient Session Expiration in answerdev/answer |
| CVE-2023-4127 | 2023-08-03 | Race Condition within a Thread in answerdev/answer |
| CVE-2023-4111 | 2023-08-03 | PHP Jabbers Bus Reservation System index.php cross site scripting |
| CVE-2023-3346 | 2023-08-03 | Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series |
| CVE-2023-3932 | 2023-08-03 | Incorrect User Management in GitLab |
| CVE-2023-4112 | 2023-08-03 | PHP Jabbers Shuttle Booking Software index.php cross site scripting |
| CVE-2023-38744 | 2023-08-03 | Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function... |
| CVE-2023-38746 | 2023-08-03 | Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may... |
| CVE-2023-4113 | 2023-08-03 | PHP Jabbers Service Booking Script index.php cross site scripting |
| CVE-2023-38747 | 2023-08-03 | Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution... |
| CVE-2023-38748 | 2023-08-03 | Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution... |
| CVE-2023-4114 | 2023-08-03 | PHP Jabbers Night Club Booking Software index.php cross site scripting |
| CVE-2023-4115 | 2023-08-03 | PHP Jabbers Cleaning Business index.php cross site scripting |
| CVE-2023-4008 | 2023-08-03 | Incorrect Ownership Assignment in GitLab |
| CVE-2023-21407 | 2023-08-03 | Privilege escalation in AXIS License Plate Verifier ACAP |
| CVE-2023-21408 | 2023-08-03 | Insufficient file permissions leak user credentials of 3rd party integration interfaces in AXIS License Verifier ACAP |
| CVE-2023-21409 | 2023-08-03 | Insufficient file permissions leak administrator-privileged credentials in AXIS License Verifier ACAP |
| CVE-2023-21410 | 2023-08-03 | Non-sanitized user input could lead to arbitrary code execution in AXIS License Plate Verifier |
| CVE-2023-21411 | 2023-08-03 | Non-sanitized user input could lead to arbitrary code execution during Access Control configuration in AXIS License Plate Verifier |
| CVE-2023-21412 | 2023-08-03 | Non-sanitized user input could lead to SQL injections in AXIS License Plate Verifier |
| CVE-2023-4116 | 2023-08-03 | PHP Jabbers Taxi Booking index.php cross site scripting |
| CVE-2023-4117 | 2023-08-03 | PHP Jabbers Rental Property Booking index.php cross site scripting |
| CVE-2023-4118 | 2023-08-03 | Cute Http File Server Search cross site scripting |
| CVE-2023-4119 | 2023-08-03 | Academy LMS courses cross site scripting |
| CVE-2023-4120 | 2023-08-03 | Byzoro Smart S85F Management Platform importhtml.php command injection |
| CVE-2023-4121 | 2023-08-03 | Byzoro Smart S85F Management Platform unrestricted upload |
| CVE-2023-3663 | 2023-08-03 | CODESYS: Missing integrity check in CODESYS Development System |
| CVE-2023-3662 | 2023-08-03 | CODESYS: Vulnerability in CODESYS Development System allows for execution of binaries |
| CVE-2023-37545 | 2023-08-03 | CODESYS: Improper Input Validation in CmpApp component |
| CVE-2023-37546 | 2023-08-03 | CODESYS: Improper Input Validation in CmpApp component |
| CVE-2023-37547 | 2023-08-03 | CODESYS: Improper Input Validation in CmpApp component |
| CVE-2023-37548 | 2023-08-03 | CODESYS: Improper Input Validation in CmpApp component |
| CVE-2023-37549 | 2023-08-03 | CODESYS: Improper Input Validation in CmpApp component |
| CVE-2023-37550 | 2023-08-03 | CODESYS: Improper Input Validation in CmpApp component |
| CVE-2023-37551 | 2023-08-03 | CODESYS Files or Directories Accessible to External Parties in CmpApp |
| CVE-2023-37552 | 2023-08-03 | CODESYS Improper Input Validation in CmpAppBP |
| CVE-2023-37553 | 2023-08-03 | CODESYS Improper Input Validation in CmpAppBP |
| CVE-2023-37554 | 2023-08-03 | CODESYS Improper Input Validation in CmpAppBP |
| CVE-2023-37555 | 2023-08-03 | CODESYS Improper Input Validation in CmpAppBP |
| CVE-2023-37556 | 2023-08-03 | CODESYS Improper Input Validation in CmpAppBP |
| CVE-2023-37557 | 2023-08-03 | CODESYS Heap-based Buffer Overflow in multiple products |
| CVE-2023-37558 | 2023-08-03 | CODESYS Improper Validation of Consistency within Input in multiple products |
| CVE-2023-37559 | 2023-08-03 | CODESYS Improper Validation of Consistency within Input in multiple products |
| CVE-2023-3669 | 2023-08-03 | CODESYS: Missing Brute-Force protection in CODESYS Development System |
| CVE-2022-4046 | 2023-08-03 | CODESYS: Improper memory restrictions for CODESYS Control |
| CVE-2022-34453 | 2023-08-03 | Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which... |
| CVE-2023-22317 | 2023-08-03 | Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability... |
| CVE-2023-22314 | 2023-08-03 | Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability... |
| CVE-2023-22277 | 2023-08-03 | Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability... |
| CVE-2022-26838 | 2023-08-03 | Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition. |
| CVE-2023-4136 | 2023-08-03 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafter Engine |
| CVE-2023-4138 | 2023-08-03 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb |
| CVE-2023-3348 | 2023-08-03 | Directory traversal vulnerability in Cloudflare Wrangler |
| CVE-2023-3766 | 2023-08-03 | Invalid Slice Split Results in Server Panic |
| CVE-2023-2754 | 2023-08-03 | Plaintext transmission of DNS requests in Windows 1.1.1.1 WARP client |
| CVE-2023-3180 | 2023-08-03 | Heap buffer overflow in virtio_crypto_sym_op_helper() |
| CVE-2023-4133 | 2023-08-03 | Kernel: cxgb4: use-after-free in ch_flower_stats_cb() |
| CVE-2023-4132 | 2023-08-03 | Kernel: smsusb: use-after-free caused by do_submit_urb() |
| CVE-2023-4145 | 2023-08-03 | Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework |
| CVE-2023-25524 | 2023-08-03 | NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker... |
| CVE-2023-35081 | 2023-08-03 | A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. |
| CVE-2023-0956 | 2023-08-03 | TEL-STER TelWin SCADA WebInterface Path Traversal |
| CVE-2023-3749 | 2023-08-03 | VideoEdge config |
| CVE-2023-30951 | 2023-08-03 | CVE-2023-30951 |
| CVE-2023-30958 | 2023-08-03 | DOM XSS in Developer mode dashboard via redirect GET parameter |
| CVE-2023-30950 | 2023-08-03 | CVE-2023-30950 |
| CVE-2023-30952 | 2023-08-03 | Foundry Issues reporterPath phishing by parameter injection |
| CVE-2023-37497 | 2023-08-03 | An XML External Entity (XXE) Injection Vulnerability affects HCL Unica Platform |
| CVE-2023-20204 | 2023-08-03 | A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of... |
| CVE-2023-20215 | 2023-08-03 | A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a... |
| CVE-2023-20216 | 2023-08-03 | A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability... |
| CVE-2023-20218 | 2023-08-03 | A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of... |
| CVE-2023-20181 | 2023-08-03 | A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to... |
| CVE-2023-20214 | 2023-08-03 | A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions... |
| CVE-2023-37498 | 2023-08-03 | HCL Unica Platform is vulnerable to a privilege escalation by unauthorized group assignation |
| CVE-2023-37499 | 2023-08-03 | A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform |
| CVE-2023-37500 | 2023-08-03 | A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform |
| CVE-2023-37501 | 2023-08-03 | A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Campaign |
| CVE-2023-0525 | 2023-08-03 | Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21... |
| CVE-2023-3373 | 2023-08-03 | Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows... |
| CVE-2022-41401 | 2023-08-04 | OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. |
| CVE-2023-29689 | 2023-08-04 | PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands... |
| CVE-2023-30146 | 2023-08-04 | Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials. |
| CVE-2023-33372 | 2023-08-04 | Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is... |
| CVE-2023-33373 | 2023-08-04 | Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices. |
| CVE-2023-33374 | 2023-08-04 | Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this... |
| CVE-2023-33375 | 2023-08-04 | Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices. |
| CVE-2023-33376 | 2023-08-04 | Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. |
| CVE-2023-33377 | 2023-08-04 | Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on... |
| CVE-2023-33378 | 2023-08-04 | Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. |
| CVE-2023-33379 | 2023-08-04 | Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to... |
| CVE-2023-38332 | 2023-08-04 | Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure. |
| CVE-2023-38964 | 2023-08-04 | Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2023-39107 | 2023-08-04 | An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. |
| CVE-2023-39112 | 2023-08-04 | ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. |