CVE List - 2023 / September
Showing 1901 - 2000 of 2148 CVEs for September 2023 (Page 20 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-42657 | 2023-09-27 | WS_FTP Server Directory Traversal |
| CVE-2023-40045 | 2023-09-27 | WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability |
| CVE-2023-40046 | 2023-09-27 | WS_FTP Server SQL Injection via Administrative Interface |
| CVE-2023-40047 | 2023-09-27 | WS_FTP Server Stored Cross-Site Scripting Vulnerability |
| CVE-2023-40048 | 2023-09-27 | WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability |
| CVE-2023-40049 | 2023-09-27 | WS_FTP Server Information Disclosure via Directory Listing |
| CVE-2023-43124 | 2023-09-27 | BIG-IP APM Clients TunnelCrack vulnerability |
| CVE-2023-43125 | 2023-09-27 | BIG-IP APM Clients TunnelCrack vulnerability |
| CVE-2023-4129 | 2023-09-27 | Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block... |
| CVE-2023-32458 | 2023-09-27 | Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability... |
| CVE-2023-20254 | 2023-09-27 | A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by... |
| CVE-2023-20253 | 2023-09-27 | A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back... |
| CVE-2023-20034 | 2023-09-27 | Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with... |
| CVE-2023-20262 | 2023-09-27 | A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access... |
| CVE-2023-20252 | 2023-09-27 | A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as... |
| CVE-2023-20231 | 2023-09-27 | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due... |
| CVE-2023-20187 | 2023-09-27 | A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to... |
| CVE-2023-20033 | 2023-09-27 | A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly,... |
| CVE-2023-20223 | 2023-09-27 | A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device.... |
| CVE-2023-20226 | 2023-09-27 | A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to... |
| CVE-2023-20227 | 2023-09-27 | A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on... |
| CVE-2023-20186 | 2023-09-27 | A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and... |
| CVE-2023-20268 | 2023-09-27 | Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability |
| CVE-2023-20109 | 2023-09-27 | A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative... |
| CVE-2023-20202 | 2023-09-27 | A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service... |
| CVE-2023-20179 | 2023-09-27 | A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due... |
| CVE-2023-20176 | 2023-09-27 | A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to... |
| CVE-2023-20251 | 2023-09-27 | A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a... |
| CVE-2023-5184 | 2023-09-27 | Potential signed to unsigned conversion errors and buffer overflow vulnerabilities in the Zephyr IPM driver |
| CVE-2023-42822 | 2023-09-27 | Unchecked access to font glyph info in xrdp |
| CVE-2023-4523 | 2023-09-27 | Real Time Automation 460 Series Cross-site Scripting |
| CVE-2023-33972 | 2023-09-27 | Privilege escalation from having CREATE access on a keyspace in Scylladb |
| CVE-2023-43652 | 2023-09-27 | Non-MFA account takeover via using only SSH public key to login in jumpserver |
| CVE-2023-43650 | 2023-09-27 | Non-MFA account takeover via brute-force attack on weak password reset code in jumpserver |
| CVE-2023-43651 | 2023-09-27 | Remote code execution on the host system via MongoDB shell in jumpserver |
| CVE-2023-42818 | 2023-09-27 | SSH public key login without private key challenge if mfa is enabled in jumpserver |
| CVE-2023-43656 | 2023-09-27 | Sandbox escape for instances that have enabled transformation functions in matrix-hookshot |
| CVE-2023-40026 | 2023-09-27 | Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server |
| CVE-2023-4066 | 2023-09-27 | Operator: passwords defined in secrets shown in statefulset yaml |
| CVE-2023-43660 | 2023-09-27 | SSH key password bypassed in warpgate |
| CVE-2023-30415 | 2023-09-28 | Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. |
| CVE-2023-38870 | 2023-09-28 | A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is... |
| CVE-2023-38871 | 2023-09-28 | The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or... |
| CVE-2023-38872 | 2023-09-28 | An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user,... |
| CVE-2023-38873 | 2023-09-28 | The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or... |
| CVE-2023-38874 | 2023-09-28 | A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell... |
| CVE-2023-38877 | 2023-09-28 | A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible... |
| CVE-2023-41444 | 2023-09-28 | An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. |
| CVE-2023-41446 | 2023-09-28 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. |
| CVE-2023-41447 | 2023-09-28 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. |
| CVE-2023-41450 | 2023-09-28 | An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. |
| CVE-2023-41911 | 2023-09-28 | Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2). |
| CVE-2023-42222 | 2023-09-28 | WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. |
| CVE-2023-43226 | 2023-09-28 | An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2023-43323 | 2023-09-28 | mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple -... |
| CVE-2023-43860 | 2023-09-28 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanNonLogin function. |
| CVE-2023-43861 | 2023-09-28 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPPoE function. |
| CVE-2023-43862 | 2023-09-28 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLanguageChange function. |
| CVE-2023-43863 | 2023-09-28 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanDhcpplus function. |
| CVE-2023-43864 | 2023-09-28 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard55 function. |
| CVE-2023-43865 | 2023-09-28 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPTP function. |
| CVE-2023-43866 | 2023-09-28 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard7 function. |
| CVE-2023-43867 | 2023-09-28 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanL2TP function. |
| CVE-2023-43868 | 2023-09-28 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVar function. |
| CVE-2023-43869 | 2023-09-28 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function. |
| CVE-2023-43871 | 2023-09-28 | A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). |
| CVE-2023-43872 | 2023-09-28 | A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). |
| CVE-2023-43873 | 2023-09-28 | A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu. |
| CVE-2023-43874 | 2023-09-28 | Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the... |
| CVE-2023-43876 | 2023-09-28 | A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. |
| CVE-2023-43878 | 2023-09-28 | Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu. |
| CVE-2023-43879 | 2023-09-28 | Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. |
| CVE-2023-43884 | 2023-09-28 | A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-44273 | 2023-09-28 | Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval. |
| CVE-2023-44275 | 2023-09-28 | OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard. |
| CVE-2023-44276 | 2023-09-28 | OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard. |
| CVE-2023-5244 | 2023-09-28 | Cross-site Scripting (XSS) - Reflected in microweber/microweber |
| CVE-2023-5232 | 2023-09-28 | The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and... |
| CVE-2023-5230 | 2023-09-28 | The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization... |
| CVE-2023-5233 | 2023-09-28 | The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output... |
| CVE-2023-26145 | 2023-09-28 | This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python... |
| CVE-2023-26149 | 2023-09-28 | Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. **Note:** If the mentions list is sourced from... |
| CVE-2022-47186 | 2023-09-28 | Unrestricted Upload of File vulnerability in Generex CS141 |
| CVE-2022-47187 | 2023-09-28 | File upload XSS vulnerability in Generex CS141 |
| CVE-2023-5215 | 2023-09-28 | Libnbd: crash or misbehaviour when nbd server returns an unexpected block size |
| CVE-2023-42756 | 2023-09-28 | Kernel: netfilter: race condition between ipset_cmd_add and ipset_cmd_swap |
| CVE-2023-40307 | 2023-09-28 | Privileges Memory Corruption (Out-of-bound write) |
| CVE-2023-5217 | 2023-09-28 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... |
| CVE-2023-5186 | 2023-09-28 | Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption... |
| CVE-2023-5187 | 2023-09-28 | Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2023-43044 | 2023-09-28 | IBM License Metric Tool directory traversal |
| CVE-2023-40375 | 2023-09-28 | IBM i privilege escalation |
| CVE-2023-43657 | 2023-09-28 | Improper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration |
| CVE-2023-43663 | 2023-09-28 | Improper Privilege Management in Prestashop |
| CVE-2023-43664 | 2023-09-28 | Employee without any access rights can list all installed modules in Prestashop |
| CVE-2023-5256 | 2023-09-28 | Drupal core - Critical - Cache poisoning - SA-CORE-2023-006 |
| CVE-2023-4316 | 2023-09-28 | Zod 3.22.2 - Regular expression Denial of Service |
| CVE-2023-5004 | 2023-09-28 | Hospital-management-system-in-php 378c157 - Blind SQL Injection |
| CVE-2023-5053 | 2023-09-28 | SQL Injection in hospital-management-system-in-php 378c157 in index.php |
| CVE-2023-43740 | 2023-09-28 | Online Book Store Project v1.0 - Insecure File Upload |