CVE List - 2023 / September
Showing 1301 - 1400 of 2148 CVEs for September 2023 (Page 14 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-42451 | 2023-09-19 | Mastodon Invalid Domain Name Normalization vulnerability |
| CVE-2023-42452 | 2023-09-19 | Mastodon vulnerable to Stored XSS through the translation feature |
| CVE-2023-42793 | 2023-09-19 | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible |
| CVE-2023-43566 | 2023-09-19 | In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration |
| CVE-2023-22513 | 2023-09-19 | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of... |
| CVE-2023-4376 | 2023-09-19 | Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS |
| CVE-2023-2995 | 2023-09-19 | Leyka < 3.30.4 - Admin+ Stored XSS |
| CVE-2019-19450 | 2023-09-20 | paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed... |
| CVE-2023-34575 | 2023-09-20 | SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods. |
| CVE-2023-36109 | 2023-09-20 | Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. |
| CVE-2023-36234 | 2023-09-20 | Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function. |
| CVE-2023-38875 | 2023-09-20 | A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into... |
| CVE-2023-38876 | 2023-09-20 | A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into... |
| CVE-2023-38886 | 2023-09-20 | An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. |
| CVE-2023-38887 | 2023-09-20 | File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. |
| CVE-2023-38888 | 2023-09-20 | Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to... |
| CVE-2023-39041 | 2023-09-20 | An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39044 | 2023-09-20 | An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39045 | 2023-09-20 | An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39052 | 2023-09-20 | An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39675 | 2023-09-20 | SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php. |
| CVE-2023-39677 | 2023-09-20 | MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php. |
| CVE-2023-40618 | 2023-09-20 | A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in... |
| CVE-2023-40619 | 2023-09-20 | phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in... |
| CVE-2023-40930 | 2023-09-20 | An issue in the directory /system/bin/blkid of Skyworth v3.0 allows attackers to perform a directory traversal via mounting the Udisk to /mnt/. |
| CVE-2023-41484 | 2023-09-20 | An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file. |
| CVE-2023-41902 | 2023-09-20 | An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files. |
| CVE-2023-42147 | 2023-09-20 | An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component. |
| CVE-2023-42321 | 2023-09-20 | Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. |
| CVE-2023-42322 | 2023-09-20 | Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. |
| CVE-2023-42331 | 2023-09-20 | A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. |
| CVE-2023-42334 | 2023-09-20 | An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. |
| CVE-2023-42335 | 2023-09-20 | Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component. |
| CVE-2023-42464 | 2023-09-20 | A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value... |
| CVE-2023-43134 | 2023-09-20 | There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to... |
| CVE-2023-43135 | 2023-09-20 | There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and... |
| CVE-2023-43137 | 2023-09-20 | TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. |
| CVE-2023-43138 | 2023-09-20 | TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. |
| CVE-2023-43196 | 2023-09-20 | D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function. |
| CVE-2023-43197 | 2023-09-20 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function. |
| CVE-2023-43198 | 2023-09-20 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function. |
| CVE-2023-43199 | 2023-09-20 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function. |
| CVE-2023-43200 | 2023-09-20 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function. |
| CVE-2023-43201 | 2023-09-20 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function. |
| CVE-2023-43202 | 2023-09-20 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter. |
| CVE-2023-43203 | 2023-09-20 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users. |
| CVE-2023-43204 | 2023-09-20 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter. |
| CVE-2023-43206 | 2023-09-20 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter. |
| CVE-2023-43207 | 2023-09-20 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter. |
| CVE-2023-43371 | 2023-09-20 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. |
| CVE-2023-43373 | 2023-09-20 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. |
| CVE-2023-43374 | 2023-09-20 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. |
| CVE-2023-43375 | 2023-09-20 | Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. |
| CVE-2023-43376 | 2023-09-20 | A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter. |
| CVE-2023-43377 | 2023-09-20 | A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. |
| CVE-2023-43616 | 2023-09-20 | An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction. |
| CVE-2023-43617 | 2023-09-20 | An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as... |
| CVE-2023-43618 | 2023-09-20 | An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message. |
| CVE-2023-43619 | 2023-09-20 | An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file. |
| CVE-2023-43620 | 2023-09-20 | An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver. |
| CVE-2023-43621 | 2023-09-20 | An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments. |
| CVE-2023-25525 | 2023-09-20 | NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may... |
| CVE-2023-25526 | 2023-09-20 | NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit... |
| CVE-2023-25527 | 2023-09-20 | NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may... |
| CVE-2023-25528 | 2023-09-20 | NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network... |
| CVE-2023-25529 | 2023-09-20 | NVIDIA DGX H100 BMC and DGX A100 BMC contain a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by... |
| CVE-2023-25530 | 2023-09-20 | NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution,... |
| CVE-2023-25531 | 2023-09-20 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial... |
| CVE-2023-25532 | 2023-09-20 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure. |
| CVE-2023-25533 | 2023-09-20 | NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure,... |
| CVE-2023-25534 | 2023-09-20 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of... |
| CVE-2023-31008 | 2023-09-20 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of... |
| CVE-2023-31009 | 2023-09-20 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution,... |
| CVE-2023-31010 | 2023-09-20 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information... |
| CVE-2023-31011 | 2023-09-20 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of... |
| CVE-2023-31012 | 2023-09-20 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of... |
| CVE-2023-31013 | 2023-09-20 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of... |
| CVE-2023-31015 | 2023-09-20 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause an improper authentication issue. A successful exploit of this vulnerability may lead to... |
| CVE-2023-31014 | 2023-09-20 | NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer... |
| CVE-2023-4088 | 2023-09-20 | Malicious Code Execution Vulnerability in FA Engineering Software Products |
| CVE-2023-5062 | 2023-09-20 | The WordPress Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wp_charts' shortcode in versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping... |
| CVE-2023-5063 | 2023-09-20 | The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and... |
| CVE-2023-26144 | 2023-09-20 | Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This... |
| CVE-2023-2163 | 2023-09-20 | Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation |
| CVE-2022-47560 | 2023-09-20 | Cleartext Transmission of Sensitive Information in Ormazabal products |
| CVE-2022-47561 | 2023-09-20 | Unprotected Storage of Credentials in Ormazabal products |
| CVE-2022-47562 | 2023-09-20 | Allocation of Resources Without Limits or Throttling in Ormazabal products |
| CVE-2023-22644 | 2023-09-20 | JWT token compromise can allow malicious actions including Remote Code Execution (RCE) |
| CVE-2023-41375 | 2023-09-20 | Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved... |
| CVE-2023-41374 | 2023-09-20 | Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was... |
| CVE-2023-34047 | 2023-09-20 | Exposure of data and identity to wrong session in Spring for GraphQL |
| CVE-2022-45447 | 2023-09-20 | Path Traversal in M4 PDF plugin for Prestashop sites |
| CVE-2023-4853 | 2023-09-20 | Quarkus: http security policy bypass |
| CVE-2023-5084 | 2023-09-20 | Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp |
| CVE-2023-5042 | 2023-09-20 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. |
| CVE-2022-45448 | 2023-09-20 | Cross-site Scripting in M4 PDF plugin for Prestashop sites |
| CVE-2023-3341 | 2023-09-20 | A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly |
| CVE-2023-4236 | 2023-09-20 | named may terminate unexpectedly under high DNS-over-TLS query load |
| CVE-2023-0829 | 2023-09-20 | Cross-Site Scripting (XSS) vulnerability in Plesk |
| CVE-2023-43477 | 2023-09-20 | Post-Auth Command Injection in Telstra Smart Modem Gen 2 (Arcadyan LH1000) |