CVE List - 2023 / September
Showing 501 - 600 of 2148 CVEs for September 2023 (Page 6 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-35980 | 2023-09-06 | Adobe Acrobat Reader SpellDictionaryExport Path Traversal Remote Code Execution Vulnerability |
| CVE-2021-36060 | 2023-09-06 | Adobe Media Encoder MPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-36023 | 2023-09-06 | Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution |
| CVE-2021-39859 | 2023-09-06 | Use After Free Adobe Acrobat Pro DC [HB-21-0339] |
| CVE-2021-36021 | 2023-09-06 | Magento Commerce CMS Page Improper Input Validation Could Lead To Remote Code Execution |
| CVE-2021-36036 | 2023-09-06 | Magento Commerce Media Gallery Upload Improper Access Control Could Lead To Remote Code Execution |
| CVE-2021-21088 | 2023-09-06 | Adobe Acrobat Pro DC Use-After-Free Remote Code Execution Vulnerability |
| CVE-2023-32672 | 2023-09-06 | Apache Superset: SQL parser edge case bypasses data access authorization |
| CVE-2023-3777 | 2023-09-06 | Use-after-free in Linux kernel's netfilter: nf_tables component |
| CVE-2023-4015 | 2023-09-06 | Use-after-free in Linux kernel's netfilter: nf_tables component |
| CVE-2023-4206 | 2023-09-06 | Use-after-free in Linux kernel's net/sched: cls_route component |
| CVE-2023-4207 | 2023-09-06 | Use-after-free in Linux kernel's net/sched: cls_fw component |
| CVE-2023-4208 | 2023-09-06 | Use-after-free in Linux kernel's net/sched: cls_u32 component |
| CVE-2023-4244 | 2023-09-06 | Use-after-free in Linux kernel's netfilter: nf_tables component |
| CVE-2023-4622 | 2023-09-06 | Use-after-free in Linux kernel's af_unix component |
| CVE-2023-4623 | 2023-09-06 | Use-after-free in Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component |
| CVE-2023-4498 | 2023-09-06 | Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router |
| CVE-2023-20250 | 2023-09-06 | A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected... |
| CVE-2023-20243 | 2023-09-06 | A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets.... |
| CVE-2023-20238 | 2023-09-06 | A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials... |
| CVE-2023-20269 | 2023-09-06 | A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct... |
| CVE-2023-20263 | 2023-09-06 | A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability... |
| CVE-2023-0925 | 2023-09-06 | Software AG webMethods OneData Deserialization Vulnerability |
| CVE-2023-41330 | 2023-09-06 | Unsafe deserialization in knplabs/knp-snappy |
| CVE-2023-39511 | 2023-09-06 | Stored Cross-Site-Scripting on reports_admin.php device name in Cacti |
| CVE-2023-41328 | 2023-09-06 | Possibility limited SQL injection due to insufficient validation in Frappe |
| CVE-2023-38484 | 2023-09-06 | Multiple Buffer Overflow Vulnerabilities in BIOS Implementation of 9200 and 9000 Series Controllers and Gateways |
| CVE-2023-38485 | 2023-09-06 | Multiple Buffer Overflow Vulnerabilities in BIOS Implementation of 9200 and 9000 Series Controllers and Gateways |
| CVE-2023-38486 | 2023-09-06 | Hardware Root of Trust Bypass in 9200 and 9000 Series Controllers and Gateways |
| CVE-2023-41319 | 2023-09-06 | Remote Code Execution in Custom Integration Upload in Fides |
| CVE-2023-41050 | 2023-09-06 | Information disclosure through Python's "format" functionality in Zope AccessControl |
| CVE-2023-40591 | 2023-09-06 | Denial of service via malicious p2p message in go-ethereum |
| CVE-2020-10129 | 2023-09-06 | CVE-2020-10129 |
| CVE-2020-10130 | 2023-09-06 | CVE-2020-10130 |
| CVE-2020-10131 | 2023-09-06 | CVE-2020-10131 |
| CVE-2020-10132 | 2023-09-06 | CVE-2020-10132 |
| CVE-2023-4809 | 2023-09-06 | pf incorrectly handles multiple IPv6 fragment headers |
| CVE-2023-39956 | 2023-09-06 | Electron: Out-of-package code execution when launched with arbitrary cwd |
| CVE-2023-29198 | 2023-09-06 | Context isolation bypass via nested unserializable return value in Electron |
| CVE-2023-23623 | 2023-09-06 | Content-Security-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron |
| CVE-2023-41053 | 2023-09-06 | Redis SORT_RO may bypass ACL configuration |
| CVE-2023-41329 | 2023-09-06 | Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio |
| CVE-2023-41327 | 2023-09-06 | Controlled SSRF through URL in the WireMock |
| CVE-2023-39967 | 2023-09-06 | Full read and controlled SSRF through URL parameter when testing a request inside wiremock-studio |
| CVE-2023-40397 | 2023-09-06 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution. |
| CVE-2023-38616 | 2023-09-06 | A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2023-40392 | 2023-09-06 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location... |
| CVE-2023-38605 | 2023-09-06 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. |
| CVE-2023-37798 | 2023-09-07 | A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted... |
| CVE-2023-39711 | 2023-09-07 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the... |
| CVE-2023-40942 | 2023-09-07 | Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered to contain a stack overflow via the parameter 'firewall_value' at URL /goform/SetFirewallCfg. |
| CVE-2023-41161 | 2023-09-07 | Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key... |
| CVE-2023-41646 | 2023-09-07 | Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/ |
| CVE-2023-4772 | 2023-09-07 | The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping... |
| CVE-2023-4792 | 2023-09-07 | The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function... |
| CVE-2023-34357 | 2023-09-07 | Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password |
| CVE-2023-38031 | 2023-09-07 | ASUS RT-AC86U - Command injection vulnerability - 1 |
| CVE-2023-4815 | 2023-09-07 | Missing Authentication for Critical Function in answerdev/answer |
| CVE-2023-38032 | 2023-09-07 | ASUS RT-AC86U - Command injection vulnerability - 2 |
| CVE-2023-38033 | 2023-09-07 | ASUS RT-AC86U - Command injection vulnerability - 3 |
| CVE-2023-39236 | 2023-09-07 | ASUS RT-AC86U - Command injection vulnerability - 4 |
| CVE-2023-39237 | 2023-09-07 | ASUS RT-AC86U - Command injection vulnerability - 5 |
| CVE-2023-39238 | 2023-09-07 | ASUS RT-AX55, RT-AX56U_V2 - Format String - 1 |
| CVE-2023-39239 | 2023-09-07 | ASUS RT-AX55, RT-AX56U_V2, RT-AC86U - Format String - 2 |
| CVE-2023-39240 | 2023-09-07 | ASUS RT-AX55, RT-AX56U_V2 - Format String - 3 |
| CVE-2023-3747 | 2023-09-07 | Insufficient Validation on Override Codes for Always-Enabled WARP Mode |
| CVE-2023-39420 | 2023-09-07 | Use of Hard-coded Credentials in RDPCore.dll |
| CVE-2023-39421 | 2023-09-07 | Use of Hard-coded Credentials in RDPWin.dll |
| CVE-2023-39422 | 2023-09-07 | Use of Hard-coded Credentials in multiple /irmdata/api/ endpoints |
| CVE-2023-39423 | 2023-09-07 | Improper Neutralization of Special Elements used in an SQL Command in RDPData.dll |
| CVE-2023-39424 | 2023-09-07 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in RDPngFileUpload.dll |
| CVE-2023-36635 | 2023-09-07 | An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2, 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. |
| CVE-2021-43751 | 2023-09-07 | Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-43027 | 2023-09-07 | Adobe After Effects TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-43753 | 2023-09-07 | Adobe Lightroom TIF File Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-40723 | 2023-09-07 | Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-40698 | 2023-09-07 | ColdFusion Use of Inherently Dangerous Function Leads To Security feature bypass |
| CVE-2021-43018 | 2023-09-07 | Adobe Photoshop JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-40795 | 2023-09-07 | Adobe Premiere Pro 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2021-44188 | 2023-09-07 | Adobe After Effects 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2021-42265 | 2023-09-07 | Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-40791 | 2023-09-07 | Adobe Premiere Pro JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-42734 | 2023-09-07 | Adobe Photoshop TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-40699 | 2023-09-07 | ColdFusion CFIDE Improper Access Control Leads To Privilege Escalation |
| CVE-2021-40790 | 2023-09-07 | Adobe Premiere Pro MOV File Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-44191 | 2023-09-07 | Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-44190 | 2023-09-07 | Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-44192 | 2023-09-07 | Adobe After Effects MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-44194 | 2023-09-07 | Adobe After Effects 3GP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-44195 | 2023-09-07 | Adobe After Effects JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-44189 | 2023-09-07 | Adobe After Effects JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-44193 | 2023-09-07 | Adobe After Effects MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-30638 | 2023-09-07 | Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30641 | 2023-09-07 | Adobe Illustrator SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30646 | 2023-09-07 | Adobe Illustrator Font Parsing Out-of-bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30637 | 2023-09-07 | Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30643 | 2023-09-07 | Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30645 | 2023-09-07 | Adobe Illustrator SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30640 | 2023-09-07 | Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30644 | 2023-09-07 | Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability |