CVE List - 2023 / September
Showing 1501 - 1600 of 2148 CVEs for September 2023 (Page 16 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-43765 | 2023-09-22 | Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint... |
| CVE-2023-43766 | 2023-09-22 | Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure... |
| CVE-2023-43767 | 2023-09-22 | Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure... |
| CVE-2023-43771 | 2023-09-22 | In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program. |
| CVE-2023-43782 | 2023-09-22 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can... |
| CVE-2023-43783 | 2023-09-22 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can... |
| CVE-2023-43784 | 2023-09-22 | Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat. |
| CVE-2023-43770 | 2023-09-22 | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. |
| CVE-2023-23362 | 2023-09-22 | QTS, QuTS hero, QuTScloud |
| CVE-2023-23363 | 2023-09-22 | QTS |
| CVE-2023-23364 | 2023-09-22 | Multimedia Console |
| CVE-2023-43090 | 2023-09-22 | Gnome-shell: screenshot tool allows viewing open windows when session is locked |
| CVE-2023-4716 | 2023-09-22 | The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and... |
| CVE-2023-4774 | 2023-09-22 | The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and... |
| CVE-2023-5002 | 2023-09-22 | Pgadmin4: remote code execution by an authenticated user |
| CVE-2023-34319 | 2023-09-22 | Linux: buffer overrun in netback due to unusual packet |
| CVE-2022-3874 | 2023-09-22 | OS command injection via ct_command and fcct_command |
| CVE-2022-4039 | 2023-09-22 | Rhsso-container-image: unsecured management interface exposed to adjacent network |
| CVE-2023-23766 | 2023-09-22 | Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling |
| CVE-2023-42798 | 2023-09-22 | AutomataCI Release Job Can Revert Repo to First Commit |
| CVE-2023-42811 | 2023-09-22 | AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure |
| CVE-2023-41027 | 2023-09-22 | Juplink RX4-1500 Credential Disclosure Vulnerability |
| CVE-2023-42812 | 2023-09-22 | Galaxy vulnerable to Server Side Request Forgery during data imports |
| CVE-2023-41029 | 2023-09-22 | Juplink RX4-1500 Command Injection Vulnerability |
| CVE-2023-41031 | 2023-09-22 | Juplink RX4-1500 homemng.htm Command Injection Vulnerability |
| CVE-2023-42821 | 2023-09-22 | github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations |
| CVE-2023-43640 | 2023-09-22 | TaxonWorks SQL injection vulnerability |
| CVE-2023-5125 | 2023-09-23 | The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and... |
| CVE-2023-5134 | 2023-09-23 | The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable... |
| CVE-2022-3962 | 2023-09-23 | Kiali: error message spoofing in kiali ui |
| CVE-2023-1260 | 2023-09-24 | Kube-apiserver: privesc |
| CVE-2023-1625 | 2023-09-24 | Information leak in api |
| CVE-2023-1636 | 2023-09-24 | Incomplete container isolation |
| CVE-2023-1633 | 2023-09-24 | Insecure barbican configuration file leaking credential |
| CVE-2023-5142 | 2023-09-24 | H3C ER6300G2 Config File userLogin.asp path traversal |
| CVE-2023-5143 | 2023-09-24 | D-Link DAR-7000 webmailattach.php Privilege Escalation |
| CVE-2023-5144 | 2023-09-24 | D-Link DAR-7000/DAR-8000 updateos.php unrestricted upload |
| CVE-2023-5145 | 2023-09-24 | D-Link DAR-7000 licence.php unrestricted upload |
| CVE-2015-6964 | 2023-09-25 | MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically... |
| CVE-2023-38907 | 2023-09-25 | An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay... |
| CVE-2023-39640 | 2023-09-25 | UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). |
| CVE-2023-41419 | 2023-09-25 | An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. |
| CVE-2023-42426 | 2023-09-25 | Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component. |
| CVE-2023-43131 | 2023-09-25 | General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow. |
| CVE-2023-43132 | 2023-09-25 | szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use sql injection attacks to obtain the hash of the administrator password. |
| CVE-2023-43141 | 2023-09-25 | TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. |
| CVE-2023-43256 | 2023-09-25 | A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. |
| CVE-2023-43278 | 2023-09-25 | A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. |
| CVE-2023-43319 | 2023-09-25 | Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username... |
| CVE-2023-43325 | 2023-09-25 | A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL. |
| CVE-2023-43326 | 2023-09-25 | A reflected cross-site scripting (XSS) vulnerability exists in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL. |
| CVE-2023-43339 | 2023-09-25 | Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components. |
| CVE-2023-43382 | 2023-09-25 | Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function. |
| CVE-2023-43456 | 2023-09-25 | Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in... |
| CVE-2023-43457 | 2023-09-25 | An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. |
| CVE-2023-43458 | 2023-09-25 | Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in... |
| CVE-2023-5146 | 2023-09-25 | D-Link DAR-7000/DAR-8000 updatelib.php unrestricted upload |
| CVE-2023-5147 | 2023-09-25 | D-Link DAR-7000 updateos.php unrestricted upload |
| CVE-2023-41949 | 2023-09-25 | WordPress iFolders Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41948 | 2023-09-25 | WordPress Cookie Notice & Consent Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41874 | 2023-09-25 | WordPress Order Delivery Date for WooCommerce Plugin <= 3.20.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5148 | 2023-09-25 | D-Link DAR-7000/DAR-8000 uploadfile.php unrestricted upload |
| CVE-2023-5149 | 2023-09-25 | D-Link DAR-7000 userattestation.php unrestricted upload |
| CVE-2023-41872 | 2023-09-25 | WordPress WoodMart Theme <= 7.2.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5150 | 2023-09-25 | D-Link DAR-7000/DAR-8000 web.php unrestricted upload |
| CVE-2023-5151 | 2023-09-25 | D-Link DAR-8000 autheditpwd.php sql injection |
| CVE-2023-5152 | 2023-09-25 | D-Link DAR-7000/DAR-8000 importexport.php sql injection |
| CVE-2023-5153 | 2023-09-25 | D-Link DAR-8000 querysql.php sql injection |
| CVE-2023-5154 | 2023-09-25 | D-Link DAR-8000 changelogo.php unrestricted upload |
| CVE-2023-39407 | 2023-09-25 | The Watchkit has a risk of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality and integrity. |
| CVE-2023-39408 | 2023-09-25 | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. |
| CVE-2023-39409 | 2023-09-25 | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. |
| CVE-2023-41294 | 2023-09-25 | The DP module has a service hijacking vulnerability. Successful exploitation of this vulnerability may affect some Super Device services. |
| CVE-2023-41295 | 2023-09-25 | Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim. |
| CVE-2023-41296 | 2023-09-25 | Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality. |
| CVE-2023-41297 | 2023-09-25 | Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking. |
| CVE-2023-41298 | 2023-09-25 | Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2023-41299 | 2023-09-25 | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. |
| CVE-2023-41300 | 2023-09-25 | Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. |
| CVE-2023-41301 | 2023-09-25 | Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-41302 | 2023-09-25 | Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-41293 | 2023-09-25 | Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2022-48605 | 2023-09-25 | Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. |
| CVE-2023-41303 | 2023-09-25 | Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified. |
| CVE-2023-3550 | 2023-09-25 | Stored XSS leads to privilege escalation in MediaWiki v1.40.0 |
| CVE-2023-40163 | 2023-09-25 | An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file... |
| CVE-2023-39453 | 2023-09-25 | A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver this file to... |
| CVE-2023-32653 | 2023-09-25 | An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open... |
| CVE-2023-35002 | 2023-09-25 | A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a... |
| CVE-2023-32284 | 2023-09-25 | An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file... |
| CVE-2023-32614 | 2023-09-25 | A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious... |
| CVE-2023-28393 | 2023-09-25 | A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious... |
| CVE-2023-23567 | 2023-09-25 | A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious... |
| CVE-2023-5165 | 2023-09-25 | Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell |
| CVE-2023-5166 | 2023-09-25 | Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL |
| CVE-2023-0625 | 2023-09-25 | Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog |
| CVE-2023-0626 | 2023-09-25 | Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route |
| CVE-2023-0627 | 2023-09-25 | Docker Desktop 4.11.x allows --no-windows-containers flag bypass |
| CVE-2023-0633 | 2023-09-25 | In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPE |
| CVE-2023-5156 | 2023-09-25 | Glibc: dos due to memory leak in getaddrinfo.c |