CVE List - 2023 / September
Showing 801 - 900 of 2148 CVEs for September 2023 (Page 9 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-35684 | 2023-09-11 | In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution... |
| CVE-2023-35687 | 2023-09-11 | In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2022-1415 | 2023-09-11 | Drools: unsafe data deserialization in streamutils |
| CVE-2023-41879 | 2023-09-11 | Magento LTS's guest order "protect code" can be brute-forced too easily |
| CVE-2023-4898 | 2023-09-11 | Authentication Bypass by Primary Weakness in mintplex-labs/anything-llm |
| CVE-2023-4899 | 2023-09-11 | SQL Injection in mintplex-labs/anything-llm |
| CVE-2023-40440 | 2023-09-11 | This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted. |
| CVE-2023-41990 | 2023-09-11 | The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8... |
| CVE-2023-40442 | 2023-09-11 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8.... |
| CVE-2022-47637 | 2023-09-12 | The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges. |
| CVE-2023-27169 | 2023-09-12 | Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and... |
| CVE-2023-39073 | 2023-09-12 | An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request. |
| CVE-2023-39150 | 2023-09-12 | ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387. |
| CVE-2023-39637 | 2023-09-12 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. |
| CVE-2023-40218 | 2023-09-12 | An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases... |
| CVE-2023-40784 | 2023-09-12 | DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. |
| CVE-2023-40834 | 2023-09-12 | OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute... |
| CVE-2023-41013 | 2023-09-12 | Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. |
| CVE-2023-41423 | 2023-09-12 | Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function. |
| CVE-2023-25519 | 2023-09-12 | NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability... |
| CVE-2023-37489 | 2023-09-12 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System) |
| CVE-2023-40308 | 2023-09-12 | Memory Corruption vulnerability in SAP CommonCryptoLib |
| CVE-2023-32005 | 2023-09-12 | A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from... |
| CVE-2023-32558 | 2023-09-12 | The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note... |
| CVE-2023-4893 | 2023-09-12 | The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers... |
| CVE-2023-4890 | 2023-09-12 | The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input... |
| CVE-2023-4840 | 2023-09-12 | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and... |
| CVE-2023-4887 | 2023-09-12 | The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient... |
| CVE-2023-42472 | 2023-09-12 | Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) |
| CVE-2023-41369 | 2023-09-12 | External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application) |
| CVE-2023-41368 | 2023-09-12 | Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps) |
| CVE-2023-41367 | 2023-09-12 | Missing Authentication check in SAP NetWeaver (Guided Procedures) |
| CVE-2023-40625 | 2023-09-12 | Missing Authorization check in SAP Manage Purchase Contracts App |
| CVE-2023-40624 | 2023-09-12 | Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering) |
| CVE-2023-40623 | 2023-09-12 | Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer) |
| CVE-2023-40622 | 2023-09-12 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management) |
| CVE-2023-40621 | 2023-09-12 | Code Injection vulnerability in SAP PowerDesigner Client |
| CVE-2023-40309 | 2023-09-12 | Missing Authorization check in SAP CommonCryptoLib |
| CVE-2023-26142 | 2023-09-12 | All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF... |
| CVE-2023-3039 | 2023-09-12 | SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. |
| CVE-2022-4896 | 2023-09-12 | Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete... |
| CVE-2022-48474 | 2023-09-12 | Control de Ciber, in its 1.650 version, is affected by a Denial of Service condition through the version function. Sending a malicious request could cause the server to check if... |
| CVE-2022-48475 | 2023-09-12 | Buffer Overflow vulnerability in Control de Ciber version 1.650, in the printing function. Sending a modified request by the attacker could cause a Buffer Overflow when the adminitrator tries to... |
| CVE-2022-24093 | 2023-09-12 | Adobe Commerce post-auth improper input validation leads to remote code execution |
| CVE-2023-37881 | 2023-09-12 | Weak Access Control between Domains in Wing FTP Server <= 7.2.0 |
| CVE-2023-37879 | 2023-09-12 | Exposed Session Variable in Wing FTP Server <= 7.2.0 |
| CVE-2023-37878 | 2023-09-12 | Insecure Default Permissions in Wing FTP Server <= 7.2.0 |
| CVE-2023-37875 | 2023-09-12 | Cross-Site Scripting Vulnerability in Wing FTP Server <= 7.2.0 |
| CVE-2023-4759 | 2023-09-12 | Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write |
| CVE-2023-28831 | 2023-09-12 | The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation.... |
| CVE-2023-38070 | 2023-09-12 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11),... |
| CVE-2023-38071 | 2023-09-12 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11),... |
| CVE-2023-38072 | 2023-09-12 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11),... |
| CVE-2023-38073 | 2023-09-12 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11),... |
| CVE-2023-38074 | 2023-09-12 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11),... |
| CVE-2023-38075 | 2023-09-12 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11),... |
| CVE-2023-38076 | 2023-09-12 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11),... |
| CVE-2023-40724 | 2023-09-12 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An attacker could perform a memory dump, and get access... |
| CVE-2023-40725 | 2023-09-12 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows... |
| CVE-2023-40726 | 2023-09-12 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly... |
| CVE-2023-40727 | 2023-09-12 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application uses weak outdated application signing mechanism. This could allow an attacker... |
| CVE-2023-40728 | 2023-09-12 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could... |
| CVE-2023-40729 | 2023-09-12 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application lacks security control to prevent unencrypted communication without HTTPS. An attacker who managed to gain... |
| CVE-2023-40730 | 2023-09-12 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access... |
| CVE-2023-40731 | 2023-09-12 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious... |
| CVE-2023-40732 | 2023-09-12 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow... |
| CVE-2023-41032 | 2023-09-12 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142),... |
| CVE-2023-41033 | 2023-09-12 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156), Simcenter Femap V2301 (All versions <... |
| CVE-2023-41846 | 2023-09-12 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption... |
| CVE-2023-40611 | 2023-09-12 | Apache Airflow Dag Runs Broken Access Control Vulnerability |
| CVE-2023-40712 | 2023-09-12 | Apache Airflow: Secrets can be unmasked in the "Rendered Template" |
| CVE-2023-2071 | 2023-09-12 | FactoryTalk View Machine Edition Vulnerable to Remote Code Execution |
| CVE-2023-4913 | 2023-09-12 | Cross-site Scripting (XSS) - Reflected in cecilapp/cecil |
| CVE-2023-4914 | 2023-09-12 | Relative Path Traversal in cecilapp/cecil |
| CVE-2023-4863 | 2023-09-12 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML... |
| CVE-2023-0119 | 2023-09-12 | Foreman: stored cross-site scripting in host tab |
| CVE-2023-34469 | 2023-09-12 | Cold Rest Vulnerabiltiy |
| CVE-2023-34470 | 2023-09-12 | Improper access control |
| CVE-2023-29463 | 2023-09-12 | Pavilion8 Security Misconfiguration Vulnerability |
| CVE-2023-35355 | 2023-09-12 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2023-38162 | 2023-09-12 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2023-38161 | 2023-09-12 | Windows GDI Elevation of Privilege Vulnerability |
| CVE-2023-38156 | 2023-09-12 | Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability |
| CVE-2023-38152 | 2023-09-12 | DHCP Server Service Information Disclosure Vulnerability |
| CVE-2023-38150 | 2023-09-12 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-38149 | 2023-09-12 | Windows TCP/IP Denial of Service Vulnerability |
| CVE-2023-38148 | 2023-09-12 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability |
| CVE-2023-38147 | 2023-09-12 | Windows Miracast Wireless Display Remote Code Execution Vulnerability |
| CVE-2023-38146 | 2023-09-12 | Windows Themes Remote Code Execution Vulnerability |
| CVE-2023-38144 | 2023-09-12 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2023-38143 | 2023-09-12 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2023-38142 | 2023-09-12 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-38141 | 2023-09-12 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-38140 | 2023-09-12 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2023-38139 | 2023-09-12 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-36805 | 2023-09-12 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
| CVE-2023-36804 | 2023-09-12 | Windows GDI Elevation of Privilege Vulnerability |
| CVE-2023-36803 | 2023-09-12 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2023-36802 | 2023-09-12 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability |
| CVE-2023-36801 | 2023-09-12 | DHCP Server Service Information Disclosure Vulnerability |