CVE List - 2023 / September
Showing 901 - 1000 of 2148 CVEs for September 2023 (Page 10 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-36767 | 2023-09-12 | Microsoft Office Security Feature Bypass Vulnerability |
| CVE-2023-36766 | 2023-09-12 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2023-36765 | 2023-09-12 | Microsoft Office Elevation of Privilege Vulnerability |
| CVE-2023-36759 | 2023-09-12 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2023-36758 | 2023-09-12 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2023-36757 | 2023-09-12 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2023-36756 | 2023-09-12 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-36745 | 2023-09-12 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-36744 | 2023-09-12 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-36742 | 2023-09-12 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2023-36736 | 2023-09-12 | Microsoft Identity Linux Broker Remote Code Execution Vulnerability |
| CVE-2023-41764 | 2023-09-12 | Microsoft Office Spoofing Vulnerability |
| CVE-2023-29332 | 2023-09-12 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability |
| CVE-2023-33136 | 2023-09-12 | Azure DevOps Server Remote Code Execution Vulnerability |
| CVE-2023-36886 | 2023-09-12 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-38164 | 2023-09-12 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-38163 | 2023-09-12 | Windows Defender Attack Surface Reduction Security Feature Bypass |
| CVE-2023-38160 | 2023-09-12 | Windows TCP/IP Information Disclosure Vulnerability |
| CVE-2023-38155 | 2023-09-12 | Azure DevOps Server Remote Code Execution Vulnerability |
| CVE-2023-36800 | 2023-09-12 | Dynamics Finance and Operations Cross-site Scripting Vulnerability |
| CVE-2023-36799 | 2023-09-12 | .NET Core and Visual Studio Denial of Service Vulnerability |
| CVE-2023-36796 | 2023-09-12 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-36794 | 2023-09-12 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-36793 | 2023-09-12 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-36792 | 2023-09-12 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-36788 | 2023-09-12 | .NET Framework Remote Code Execution Vulnerability |
| CVE-2023-36777 | 2023-09-12 | Microsoft Exchange Server Information Disclosure Vulnerability |
| CVE-2023-36773 | 2023-09-12 | 3D Builder Remote Code Execution Vulnerability |
| CVE-2023-36772 | 2023-09-12 | 3D Builder Remote Code Execution Vulnerability |
| CVE-2023-36771 | 2023-09-12 | 3D Builder Remote Code Execution Vulnerability |
| CVE-2023-36770 | 2023-09-12 | 3D Builder Remote Code Execution Vulnerability |
| CVE-2023-36764 | 2023-09-12 | Microsoft SharePoint Server Elevation of Privilege Vulnerability |
| CVE-2023-36763 | 2023-09-12 | Microsoft Outlook Information Disclosure Vulnerability |
| CVE-2023-36762 | 2023-09-12 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2023-36761 | 2023-09-12 | Microsoft Word Information Disclosure Vulnerability |
| CVE-2023-36760 | 2023-09-12 | 3D Viewer Remote Code Execution Vulnerability |
| CVE-2023-36740 | 2023-09-12 | 3D Viewer Remote Code Execution Vulnerability |
| CVE-2023-36739 | 2023-09-12 | 3D Viewer Remote Code Execution Vulnerability |
| CVE-2023-4501 | 2023-09-12 | Authentication bypass in OpenText (Micro Focus) Enterprise Server |
| CVE-2023-21521 | 2023-09-12 | An SQL Injection vulnerability in the Management Console (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database... |
| CVE-2023-21522 | 2023-09-12 | A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the... |
| CVE-2023-30962 | 2023-09-12 | Stored XSS in cerberus attachments |
| CVE-2023-4918 | 2023-09-12 | Plaintext storage of user password |
| CVE-2023-21523 | 2023-09-12 | A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context... |
| CVE-2023-4921 | 2023-09-12 | Use-after-free in Linux kernel's net/sched: sch_qfq component |
| CVE-2023-21520 | 2023-09-12 | A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with... |
| CVE-2023-41036 | 2023-09-12 | Macvim's Insecure Usage of IPC Mechanisms |
| CVE-2023-39215 | 2023-09-12 | Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2023-39208 | 2023-09-12 | Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access. |
| CVE-2023-3710 | 2023-09-12 | Printer web page invalid command execution |
| CVE-2023-39201 | 2023-09-12 | Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access. |
| CVE-2023-3711 | 2023-09-12 | Potential Predictable Session ID |
| CVE-2023-41331 | 2023-09-12 | SOFARPC Remote Command Execution (RCE) Vulnerability |
| CVE-2023-3712 | 2023-09-12 | Potential user privilege escalation |
| CVE-2023-41885 | 2023-09-12 | Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration |
| CVE-2023-4900 | 2023-09-12 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-4901 | 2023-09-12 | Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-4902 | 2023-09-12 | Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-4903 | 2023-09-12 | Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-4904 | 2023-09-12 | Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium) |
| CVE-2023-4905 | 2023-09-12 | Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-4906 | 2023-09-12 | Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-4907 | 2023-09-12 | Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-4908 | 2023-09-12 | Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-4909 | 2023-09-12 | Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-4813 | 2023-09-12 | Glibc: potential use-after-free in gaih_inet() |
| CVE-2023-40617 | 2023-09-13 | A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload... |
| CVE-2023-40850 | 2023-09-13 | netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway. |
| CVE-2023-41152 | 2023-09-13 | A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field... |
| CVE-2023-41154 | 2023-09-13 | A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter... |
| CVE-2023-41155 | 2023-09-13 | A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2023-41158 | 2023-09-13 | A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while... |
| CVE-2023-41162 | 2023-09-13 | A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while... |
| CVE-2023-42468 | 2023-09-13 | The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without... |
| CVE-2023-42469 | 2023-09-13 | The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component. |
| CVE-2023-4928 | 2023-09-13 | SQL Injection in instantsoft/icms2 |
| CVE-2023-4213 | 2023-09-13 | The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled... |
| CVE-2023-4916 | 2023-09-13 | The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the... |
| CVE-2023-4153 | 2023-09-13 | The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes... |
| CVE-2023-4917 | 2023-09-13 | The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions... |
| CVE-2023-4915 | 2023-09-13 | The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset... |
| CVE-2023-4400 | 2023-09-13 | A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some... |
| CVE-2023-4039 | 2023-09-13 | GCC's -fstack-protector fails to guard dynamically-sized local variables on AArch64 |
| CVE-2023-26369 | 2023-09-13 | [Google Project Zero] Adobe Acrobat DC OOBW 0-day actively exploited in the wild |
| CVE-2023-29306 | 2023-09-13 | Adobe Connect Reflected Cross-Site Scripting (XSS) Arbitrary code execution |
| CVE-2023-29305 | 2023-09-13 | Adobe Connect Reflected Cross-Site Scripting (XSS) Arbitrary code execution |
| CVE-2023-41081 | 2023-09-13 | Apache Tomcat Connectors: Unexpected use of first declared worker in mod_jk for unmapped request |
| CVE-2023-25608 | 2023-09-13 | An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4... |
| CVE-2023-36551 | 2023-09-13 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request. |
| CVE-2023-27998 | 2023-09-13 | A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to... |
| CVE-2023-34984 | 2023-09-13 | A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted... |
| CVE-2023-36642 | 2023-09-13 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized... |
| CVE-2023-36634 | 2023-09-13 | An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions... |
| CVE-2023-36638 | 2023-09-13 | An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through... |
| CVE-2023-40717 | 2023-09-13 | A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via... |
| CVE-2023-40715 | 2023-09-13 | A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external... |
| CVE-2023-29183 | 2023-09-13 | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0... |
| CVE-2022-35849 | 2023-09-13 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0... |
| CVE-2021-44172 | 2023-09-13 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow... |
| CVE-2023-38214 | 2023-09-13 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |