CVE List - 2023 / September
Showing 1501 - 1600 of 2148 CVEs for September 2023 (Page 16 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-43763 | 2023-09-22 | Certain WithSecure products allow XSS via an unvalidated parameter in... |
| CVE-2023-43765 | 2023-09-22 | Certain WithSecure products allow Denial of Service in the aeelf... |
| CVE-2023-43766 | 2023-09-22 | Certain WithSecure products allow Local privilege escalation via the lhz... |
| CVE-2023-43767 | 2023-09-22 | Certain WithSecure products allow Denial of Service via the aepack... |
| CVE-2023-43770 | 2023-09-22 | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3... |
| CVE-2023-43771 | 2023-09-22 | In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on... |
| CVE-2023-43782 | 2023-09-22 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File.... |
| CVE-2023-43783 | 2023-09-22 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File.... |
| CVE-2023-43784 | 2023-09-22 | Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are... |
| CVE-2023-23362 | 2023-09-22 | QTS, QuTS hero, QuTScloud |
| CVE-2023-23363 | 2023-09-22 | QTS |
| CVE-2023-23364 | 2023-09-22 | Multimedia Console |
| CVE-2023-43090 | 2023-09-22 | Gnome-shell: screenshot tool allows viewing open windows when session is locked |
| CVE-2023-4716 | 2023-09-22 | The Media Library Assistant plugin for WordPress is vulnerable to... |
| CVE-2023-4774 | 2023-09-22 | The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to... |
| CVE-2023-5002 | 2023-09-22 | Pgadmin4: remote code execution by an authenticated user |
| CVE-2023-34319 | 2023-09-22 | Linux: buffer overrun in netback due to unusual packet |
| CVE-2022-3874 | 2023-09-22 | Os command injection via ct_command and fcct_command |
| CVE-2022-4039 | 2023-09-22 | Rhsso-container-image: unsecured management interface exposed to adjecent network |
| CVE-2023-23766 | 2023-09-22 | Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling |
| CVE-2023-42798 | 2023-09-22 | AutomataCI Release Job Can Revert Repo to First Commit |
| CVE-2023-42811 | 2023-09-22 | AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure |
| CVE-2023-41027 | 2023-09-22 | Juplink RX4-1500 Credential Disclosure Vulnerability |
| CVE-2023-42812 | 2023-09-22 | Galaxy vulnerable to Server Side Request Forgery during data imports |
| CVE-2023-41029 | 2023-09-22 | Juplink RX4-1500 Command Injection Vulnerability |
| CVE-2023-41031 | 2023-09-22 | Juplink RX4-1500 homemng.htm Command Injection Vulnerability |
| CVE-2023-42821 | 2023-09-22 | github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations |
| CVE-2023-43640 | 2023-09-22 | TaxonWorks SQL injection vulnerability |
| CVE-2023-5125 | 2023-09-23 | The Contact Form by FormGet plugin for WordPress is vulnerable... |
| CVE-2023-5134 | 2023-09-23 | The Easy Registration Forms for WordPress is vulnerable to Information... |
| CVE-2022-3962 | 2023-09-23 | Kiali: error message spoofing in kiali ui |
| CVE-2023-1260 | 2023-09-24 | Kube-apiserver: privesc |
| CVE-2023-1625 | 2023-09-24 | Information leak in api |
| CVE-2023-1636 | 2023-09-24 | Incomplete container isolation |
| CVE-2023-1633 | 2023-09-24 | Insecure barbican configuration file leaking credential |
| CVE-2023-5142 | 2023-09-24 | H3C ER6300G2 Config File userLogin.asp path traversal |
| CVE-2023-5143 | 2023-09-24 | D-Link DAR-7000 webmailattach.php Privilege Escalation |
| CVE-2023-5144 | 2023-09-24 | D-Link DAR-7000/DAR-8000 updateos.php unrestricted upload |
| CVE-2023-5145 | 2023-09-24 | D-Link DAR-7000 licence.php unrestricted upload |
| CVE-2015-6964 | 2023-09-25 | MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks... |
| CVE-2023-38907 | 2023-09-25 | An issue in TPLink Smart Bulb Tapo series L530 before... |
| CVE-2023-39640 | 2023-09-25 | UpLight cookiebanner before 1.5.1 was discovered to contain a SQL... |
| CVE-2023-41419 | 2023-09-25 | An issue in Gevent before version 23.9.0 allows a remote... |
| CVE-2023-42426 | 2023-09-25 | Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows... |
| CVE-2023-43131 | 2023-09-25 | General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow. |
| CVE-2023-43132 | 2023-09-25 | szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote... |
| CVE-2023-43141 | 2023-09-25 | TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect... |
| CVE-2023-43256 | 2023-09-25 | A path traversal in Gladys Assistant v4.26.1 and below allows... |
| CVE-2023-43278 | 2023-09-25 | A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up... |
| CVE-2023-43319 | 2023-09-25 | Cross Site Scripting (XSS) vulnerability in the Sign-In page of... |
| CVE-2023-43325 | 2023-09-25 | A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter... |
| CVE-2023-43326 | 2023-09-25 | A reflected cross-site scripting (XSS) vulnerability exisits in multiple url... |
| CVE-2023-43339 | 2023-09-25 | Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local... |
| CVE-2023-43382 | 2023-09-25 | Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a... |
| CVE-2023-43456 | 2023-09-25 | Cross Site Scripting vulnerability in Service Provider Management System v.1.0... |
| CVE-2023-43457 | 2023-09-25 | An issue in Service Provider Management System v.1.0 allows a... |
| CVE-2023-43458 | 2023-09-25 | Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0... |
| CVE-2023-5146 | 2023-09-25 | D-Link DAR-7000/DAR-8000 updatelib.php unrestricted upload |
| CVE-2023-5147 | 2023-09-25 | D-Link DAR-7000 updateos.php unrestricted upload |
| CVE-2023-41949 | 2023-09-25 | WordPress iFolders Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41948 | 2023-09-25 | WordPress Cookie Notice & Consent Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41874 | 2023-09-25 | WordPress Order Delivery Date for WooCommerce Plugin <= 3.20.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5148 | 2023-09-25 | D-Link DAR-7000/DAR-8000 uploadfile.php unrestricted upload |
| CVE-2023-5149 | 2023-09-25 | D-Link DAR-7000 userattestation.php unrestricted upload |
| CVE-2023-41872 | 2023-09-25 | WordPress WoodMart Theme <= 7.2.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5150 | 2023-09-25 | D-Link DAR-7000/DAR-8000 web.php unrestricted upload |
| CVE-2023-5151 | 2023-09-25 | D-Link DAR-8000 autheditpwd.php sql injection |
| CVE-2023-5152 | 2023-09-25 | D-Link DAR-7000/DAR-8000 importexport.php sql injection |
| CVE-2023-5153 | 2023-09-25 | D-Link DAR-8000 querysql.php sql injection |
| CVE-2023-5154 | 2023-09-25 | D-Link DAR-8000 changelogo.php unrestricted upload |
| CVE-2023-39407 | 2023-09-25 | The Watchkit has a risk of unauthorized file access.Successful exploitation... |
| CVE-2023-39408 | 2023-09-25 | DoS vulnerability in the PMS module. Successful exploitation of this... |
| CVE-2023-39409 | 2023-09-25 | DoS vulnerability in the PMS module. Successful exploitation of this... |
| CVE-2023-41294 | 2023-09-25 | The DP module has a service hijacking vulnerability.Successful exploitation of... |
| CVE-2023-41295 | 2023-09-25 | Vulnerability of improper permission management in the displayengine module. Successful... |
| CVE-2023-41296 | 2023-09-25 | Vulnerability of missing authorization in the kernel module. Successful exploitation... |
| CVE-2023-41297 | 2023-09-25 | Vulnerability of defects introduced in the design process in the... |
| CVE-2023-41298 | 2023-09-25 | Vulnerability of permission control in the window module. Successful exploitation... |
| CVE-2023-41299 | 2023-09-25 | DoS vulnerability in the PMS module. Successful exploitation of this... |
| CVE-2023-41300 | 2023-09-25 | Vulnerability of parameters not being strictly verified in the PMS... |
| CVE-2023-41301 | 2023-09-25 | Vulnerability of unauthorized API access in the PMS module. Successful... |
| CVE-2023-41302 | 2023-09-25 | Redirection permission verification vulnerability in the home screen module. Successful... |
| CVE-2023-41293 | 2023-09-25 | Data security classification vulnerability in the DDMP module. Successful exploitation... |
| CVE-2022-48605 | 2023-09-25 | Input verification vulnerability in the fingerprint module. Successful exploitation of... |
| CVE-2023-41303 | 2023-09-25 | Command injection vulnerability in the distributed file system module. Successful... |
| CVE-2023-3550 | 2023-09-25 | Stored XSS leads to privilege escalation in MediaWiki v1.40.0 |
| CVE-2023-40163 | 2023-09-25 | An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of... |
| CVE-2023-39453 | 2023-09-25 | A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft... |
| CVE-2023-32653 | 2023-09-25 | An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of... |
| CVE-2023-35002 | 2023-09-25 | A heap-based buffer overflow vulnerability exists in the pictwread functionality... |
| CVE-2023-32284 | 2023-09-25 | An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of... |
| CVE-2023-32614 | 2023-09-25 | A heap-based buffer overflow vulnerability exists in the create_png_object functionality... |
| CVE-2023-28393 | 2023-09-25 | A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality... |
| CVE-2023-23567 | 2023-09-25 | A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality... |
| CVE-2023-5165 | 2023-09-25 | Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell |
| CVE-2023-5166 | 2023-09-25 | Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL |
| CVE-2023-0625 | 2023-09-25 | Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog |
| CVE-2023-0626 | 2023-09-25 | Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route |
| CVE-2023-0627 | 2023-09-25 | Docker Desktop 4.11.x allows --no-windows-containers flag bypass |
| CVE-2023-0633 | 2023-09-25 | In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPE |