CVE List - 2023 / August
Showing 501 - 600 of 2479 CVEs for August 2023 (Page 6 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-39523 | 2023-08-07 | ScanCode.io command injection in docker image fetch process |
| CVE-2023-24698 | 2023-08-08 | Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. |
| CVE-2023-26961 | 2023-08-08 | Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files (e.g., JavaScript content for stored XSS) via the type field... |
| CVE-2023-33756 | 2023-08-08 | An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. |
| CVE-2023-36136 | 2023-08-08 | PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear... |
| CVE-2023-36306 | 2023-08-08 | A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php... |
| CVE-2023-36344 | 2023-08-08 | An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not... |
| CVE-2023-36482 | 2023-08-08 | An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart. |
| CVE-2023-37646 | 2023-08-08 | An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal. |
| CVE-2023-37682 | 2023-08-08 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php. |
| CVE-2023-37683 | 2023-08-08 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin. |
| CVE-2023-37684 | 2023-08-08 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal. |
| CVE-2023-37685 | 2023-08-08 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal. |
| CVE-2023-37686 | 2023-08-08 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal. |
| CVE-2023-37687 | 2023-08-08 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. |
| CVE-2023-37688 | 2023-08-08 | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page. |
| CVE-2023-37689 | 2023-08-08 | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page. |
| CVE-2023-37690 | 2023-08-08 | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page. |
| CVE-2023-38758 | 2023-08-08 | Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py,... |
| CVE-2023-38759 | 2023-08-08 | Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py,... |
| CVE-2023-38760 | 2023-08-08 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. |
| CVE-2023-38761 | 2023-08-08 | Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component. |
| CVE-2023-38762 | 2023-08-08 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. |
| CVE-2023-38763 | 2023-08-08 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. |
| CVE-2023-38764 | 2023-08-08 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. |
| CVE-2023-38765 | 2023-08-08 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. |
| CVE-2023-38766 | 2023-08-08 | Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component. |
| CVE-2023-38767 | 2023-08-08 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. |
| CVE-2023-38768 | 2023-08-08 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. |
| CVE-2023-38769 | 2023-08-08 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. |
| CVE-2023-38770 | 2023-08-08 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. |
| CVE-2023-38771 | 2023-08-08 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. |
| CVE-2023-38773 | 2023-08-08 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php. |
| CVE-2023-39086 | 2023-08-08 | ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext. |
| CVE-2023-39976 | 2023-08-08 | log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. |
| CVE-2023-39978 | 2023-08-08 | ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. |
| CVE-2023-40041 | 2023-08-08 | TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address... |
| CVE-2023-40042 | 2023-08-08 | TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address... |
| CVE-2023-33993 | 2023-08-08 | SQL Injection vulnerability in SAP Business One B1i Layer |
| CVE-2023-36923 | 2023-08-08 | Code Injection vulnerability in SAP PowerDesigner |
| CVE-2023-36926 | 2023-08-08 | Information disclosure vulnerability in SAP Host Agent |
| CVE-2023-37483 | 2023-08-08 | Improper Access Control Vulnerabilities in SAP PowerDesigner |
| CVE-2023-37484 | 2023-08-08 | Information Disclosure Vulnerabilities in SAP PowerDesigner |
| CVE-2023-37487 | 2023-08-08 | Security misconfiguration vulnerability in SAP Business One (Service Layer) |
| CVE-2023-37488 | 2023-08-08 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration |
| CVE-2023-37490 | 2023-08-08 | Binary hijack in SAP BusinessObjects Business Intelligence (Installer) |
| CVE-2023-37491 | 2023-08-08 | Improper Authorization check vulnerability in SAP Message Server |
| CVE-2023-37492 | 2023-08-08 | Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform |
| CVE-2023-39436 | 2023-08-08 | Information Disclosure in SAP Supplier Relationship Management |
| CVE-2023-39437 | 2023-08-08 | Cross-Site Scripting (XSS) vulnerability in SAP Business One |
| CVE-2023-39439 | 2023-08-08 | SAP Commerce accepts empty passphrases. |
| CVE-2023-39440 | 2023-08-08 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform |
| CVE-2023-37486 | 2023-08-08 | Information Disclosure vulnerability in SAP Commerce (OCC API) |
| CVE-2023-3573 | 2023-08-08 | PHOENIX CONTACT: Command Injection in WP 6xxx Web panels |
| CVE-2023-3571 | 2023-08-08 | PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels |
| CVE-2023-3572 | 2023-08-08 | PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels |
| CVE-2023-3570 | 2023-08-08 | PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels |
| CVE-2023-3526 | 2023-08-08 | PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices |
| CVE-2023-3569 | 2023-08-08 | PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT |
| CVE-2023-37569 | 2023-08-08 | OS Command Injection Vulnerability in Emagic Data Center Management Suite |
| CVE-2023-37570 | 2023-08-08 | Insufficient Session Expiration Vulnerability in Emagic Data Center Management Suite |
| CVE-2023-4009 | 2023-08-08 | Privilege Escalation for Project Owner and Project User Admin Roles in Ops Manager |
| CVE-2023-3898 | 2023-08-08 | SQLi in mAyaNets E-Commerce Software |
| CVE-2022-40510 | 2023-08-08 | Buffer copy without checking size of input in Audio. |
| CVE-2023-21625 | 2023-08-08 | Buffer Over-read in Network Services |
| CVE-2023-21626 | 2023-08-08 | Improper Authentication in HLOS. |
| CVE-2023-21627 | 2023-08-08 | Incorrect Type Conversion or Cast in Trusted Execution Environment |
| CVE-2023-21643 | 2023-08-08 | Untrusted Pointer Dereference in Automotive |
| CVE-2023-21647 | 2023-08-08 | Improper Input Validation in Bluetooth HOST |
| CVE-2023-21648 | 2023-08-08 | Integer Overflow to Buffer Overflow in RIL |
| CVE-2023-21649 | 2023-08-08 | Buffer Copy Without Checking Size of Input ("Classic Buffer Overflow") in WLAN |
| CVE-2023-21650 | 2023-08-08 | Improper Validation of Array Index in GPS HLOS Driver |
| CVE-2023-21651 | 2023-08-08 | Incorrect Type Conversion or Cast in Core |
| CVE-2023-21652 | 2023-08-08 | Key Management Errors in HLOS |
| CVE-2023-22666 | 2023-08-08 | Integer Overflow or Wraparound in Audio |
| CVE-2023-28537 | 2023-08-08 | Integer Overflow or Wraparound in Audio |
| CVE-2023-28555 | 2023-08-08 | Buffer Over-read in Audio |
| CVE-2023-28561 | 2023-08-08 | Buffer Copy Without Checking Size of Input in QESL |
| CVE-2023-28575 | 2023-08-08 | Multiple Type Confusion Vulnerability |
| CVE-2023-28576 | 2023-08-08 | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver |
| CVE-2023-28577 | 2023-08-08 | Multiple Dmabuf Kernel Address UAF Vulnerability |
| CVE-2021-41544 | 2023-08-08 | A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing... |
| CVE-2022-39062 | 2023-08-08 | A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with... |
| CVE-2023-24845 | 2023-08-08 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200,... |
| CVE-2023-27411 | 2023-08-08 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an authenticated remote attacker to execute arbitrary... |
| CVE-2023-28830 | 2023-08-08 | A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter... |
| CVE-2023-30795 | 2023-08-08 | A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243),... |
| CVE-2023-30796 | 2023-08-08 | A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end... |
| CVE-2023-37372 | 2023-08-08 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary... |
| CVE-2023-37373 | 2023-08-08 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the... |
| CVE-2023-38524 | 2023-08-08 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions <... |
| CVE-2023-38525 | 2023-08-08 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions <... |
| CVE-2023-38526 | 2023-08-08 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions <... |
| CVE-2023-38527 | 2023-08-08 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12),... |
| CVE-2023-38528 | 2023-08-08 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184),... |
| CVE-2023-38529 | 2023-08-08 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter... |
| CVE-2023-38530 | 2023-08-08 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions <... |
| CVE-2023-38531 | 2023-08-08 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter... |
| CVE-2023-38532 | 2023-08-08 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions <... |
| CVE-2023-38641 | 2023-08-08 | A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). The affected application's database service is executed as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to... |