CVE List - 2023 / September
Showing 301 - 400 of 2148 CVEs for September 2023 (Page 4 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-21636 | 2023-09-05 | Improper Validation of Array Index in Linux |
| CVE-2023-21644 | 2023-09-05 | Integer Overflow to Buffer Overflow in RIL |
| CVE-2023-21646 | 2023-09-05 | Reachable Assertion in Modem |
| CVE-2023-21653 | 2023-09-05 | Reachable Assertion in Modem |
| CVE-2023-21654 | 2023-09-05 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Audio |
| CVE-2023-21655 | 2023-09-05 | Integer Overflow or Wraparound in Display |
| CVE-2023-21662 | 2023-09-05 | Buffer Copy without Checking the Size of Input(Classic Buffer Overflow) in Core Platform |
| CVE-2023-21663 | 2023-09-05 | Improper Restrictions of Operations within the Bounds of a Memory Buffer in Display |
| CVE-2023-21664 | 2023-09-05 | Buffer Copy without Checking the Size of Input(Classic Buffer Overflow) in Core Platform |
| CVE-2023-21667 | 2023-09-05 | Buffer Over-read in Bluetooth HOST |
| CVE-2023-28538 | 2023-09-05 | Stack-based Buffer Overflow in WIN Product |
| CVE-2023-28544 | 2023-09-05 | Buffer Copy without Checking the Size of Input in WLAN Firmware |
| CVE-2023-28548 | 2023-09-05 | Improper Validation of Array Index in WLAN HAL |
| CVE-2023-28549 | 2023-09-05 | Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN HAL |
| CVE-2023-28557 | 2023-09-05 | Improper Validation of Array Index in WLAN HAL |
| CVE-2023-28558 | 2023-09-05 | Improper Validation of Array Index in WLAN HAL |
| CVE-2023-28559 | 2023-09-05 | Buffer Copy Without Checking Size of Input in WLAN HAL |
| CVE-2023-28560 | 2023-09-05 | Buffer Copy Without Checking Size of Input in WLAN HAL |
| CVE-2023-28562 | 2023-09-05 | Buffer Copy Without Checking Size of Input in QESL |
| CVE-2023-28564 | 2023-09-05 | Use of Out-of-range Pointer Offset in WLAN HAL |
| CVE-2023-28565 | 2023-09-05 | Improper Validation of Array Index in WLAN HAL |
| CVE-2023-28567 | 2023-09-05 | Improper Validation of Array Index in WLAN HAL |
| CVE-2023-28573 | 2023-09-05 | Improper Validation of Array Index in WLAN HAL |
| CVE-2023-28581 | 2023-09-05 | Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN Firmware |
| CVE-2023-28584 | 2023-09-05 | Improper Authorization in WLAN Host |
| CVE-2023-33015 | 2023-09-05 | Buffer Over-read in WLAN Firmware |
| CVE-2023-33016 | 2023-09-05 | Buffer Over-read in WLAN Firmware |
| CVE-2023-33019 | 2023-09-05 | Improper Authorization in WLAN Host |
| CVE-2023-33020 | 2023-09-05 | Improper Authorization in WLAN Host |
| CVE-2023-33021 | 2023-09-05 | Use After Free in Graphics |
| CVE-2023-28543 | 2023-09-05 | Out of Bounds read in SNPE Library |
| CVE-2023-4540 | 2023-09-05 | DoS in lua-http library |
| CVE-2023-39448 | 2023-09-05 | Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution. |
| CVE-2023-38574 | 2023-09-05 | Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted... |
| CVE-2023-39938 | 2023-09-05 | Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-40535 | 2023-09-05 | Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script. |
| CVE-2023-40705 | 2023-09-05 | Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script. |
| CVE-2023-36492 | 2023-09-05 | Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in... |
| CVE-2023-38569 | 2023-09-05 | Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in... |
| CVE-2023-20897 | 2023-09-05 | Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the... |
| CVE-2023-20898 | 2023-09-05 | Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers... |
| CVE-2023-2453 | 2023-09-05 | Local file Inclusion (LFI) in Forum Infusion via Directory Traversal |
| CVE-2023-40743 | 2023-09-05 | Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService |
| CVE-2023-4480 | 2023-09-05 | Arbitrary File Read in Fusion File Manager |
| CVE-2023-4778 | 2023-09-05 | Out-of-bounds Read in gpac/gpac |
| CVE-2023-34353 | 2023-09-05 | An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information.... |
| CVE-2023-35124 | 2023-09-05 | An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a... |
| CVE-2023-32271 | 2023-09-05 | An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a... |
| CVE-2023-34994 | 2023-09-05 | An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to... |
| CVE-2023-34317 | 2023-09-05 | An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to... |
| CVE-2023-32615 | 2023-09-05 | A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file... |
| CVE-2023-34998 | 2023-09-05 | An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An... |
| CVE-2023-31242 | 2023-09-05 | An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker... |
| CVE-2023-3374 | 2023-09-05 | Privilege Escalation in Bookreen |
| CVE-2023-3375 | 2023-09-05 | Unrestricted File Upload in Bookreen |
| CVE-2023-35065 | 2023-09-05 | SQLi in Osofts Paint Production Management |
| CVE-2023-35068 | 2023-09-05 | SQLi in BMAs Personnel Tracking System |
| CVE-2023-35072 | 2023-09-05 | SQLi in Coyav Travels Proagent |
| CVE-2023-3616 | 2023-09-05 | SQLi in Mava Softwares Hotel Management System |
| CVE-2023-4034 | 2023-09-05 | SQLi in Smartrise Document Management System |
| CVE-2023-41317 | 2023-09-05 | Unnamed "Subscription" operation results in Denial-of-Service in apollographql/router |
| CVE-2023-4781 | 2023-09-05 | Heap-based Buffer Overflow in vim/vim |
| CVE-2023-4531 | 2023-09-05 | SQLi in Mestavs E-commerce Software |
| CVE-2023-4178 | 2023-09-05 | Authentication Bypass in Neutron Smart VMS |
| CVE-2020-10128 | 2023-09-05 | SearchBlox product before V-9.2.1 is vulnerable to Stored-Cross Site Scripting |
| CVE-2023-39514 | 2023-09-05 | Stored Cross-site Scripting on graphs.php data template formated name view in Cacti |
| CVE-2023-39515 | 2023-09-05 | Stored Cross-site Scripting on data_debug.php datasource path view in Cacti |
| CVE-2023-39513 | 2023-09-05 | Stored Cross-site Scripting on host.php verbose data-query debug view in Cacti |
| CVE-2023-4310 | 2023-09-05 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of... |
| CVE-2023-39512 | 2023-09-05 | Stored Cross-site Scripting on data_sources.php device name view in Cacti |
| CVE-2023-39510 | 2023-09-05 | Stored Cross-site Scripting in reports_admin.php through Device-Name in 'select' input in Cacti |
| CVE-2023-39366 | 2023-09-05 | Stored Cross-site Scripting in data_sources.php through Device-Name in 'select' input in Cacti |
| CVE-2023-39360 | 2023-09-05 | Reflected Cross-site Scripting in graphs_new.php in Cacti |
| CVE-2023-39361 | 2023-09-05 | Unauthenticated SQL Injection in graph_view.php in Cacti |
| CVE-2023-39359 | 2023-09-05 | Authenticated SQL injection vulnerability in graphs.php in Cacti |
| CVE-2023-39358 | 2023-09-05 | Authenticated SQL injection vulnerability in reports_user.php in Cacti |
| CVE-2023-39357 | 2023-09-05 | A Defect in sql_save() Causes Multiple SQL Injection Vulnerabilities in Cacti |
| CVE-2023-39365 | 2023-09-05 | Unchecked regular expressions can lead to SQL Injection and data leakage in Cacti |
| CVE-2023-39516 | 2023-09-05 | Stored Cross-Site-Scripting on data_sources.php debug html-block in Cacti |
| CVE-2023-39364 | 2023-09-05 | Open redirect in change password functionality in Cacti |
| CVE-2023-39362 | 2023-09-05 | Authenticated command injection in SNMP options of a Device |
| CVE-2023-31132 | 2023-09-05 | Cacti Privilege Escalation |
| CVE-2023-30534 | 2023-09-05 | Insecure Deserialization in Cacti |
| CVE-2023-4761 | 2023-09-05 | Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory... |
| CVE-2023-4762 | 2023-09-05 | Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-4763 | 2023-09-05 | Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-4764 | 2023-09-05 | Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium... |
| CVE-2023-4487 | 2023-09-05 | GE Digital CIMPLICITY Process Control |
| CVE-2023-4485 | 2023-09-05 | ARDEREG Sistemas SCADA SQL Injection |
| CVE-2021-36646 | 2023-09-06 | A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page. |
| CVE-2023-41601 | 2023-09-06 | Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or... |
| CVE-2022-32920 | 2023-09-06 | The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information. |
| CVE-2023-32362 | 2023-09-06 | Error handling was changed to not reveal sensitive information. This issue is fixed in macOS Ventura 13.3. A website may be able to track sensitive user information. |
| CVE-2023-28187 | 2023-09-06 | This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3. A user may be able to cause a denial-of-service. |
| CVE-2023-32379 | 2023-09-06 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2023-27950 | 2023-09-06 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. |
| CVE-2023-28211 | 2023-09-06 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write... |
| CVE-2023-28210 | 2023-09-06 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write... |
| CVE-2023-32426 | 2023-09-06 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges. |
| CVE-2023-32370 | 2023-09-06 | A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail. |