CVE List - 2023 / September
Showing 601 - 700 of 2148 CVEs for September 2023 (Page 7 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-30639 | 2023-09-07 | Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2022-30642 | 2023-09-07 | Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-30800 | 2023-09-07 | MikroTik RouterOS Web Interface Heap Corruption |
| CVE-2023-40060 | 2023-09-07 | 2FA/MFA Bypass Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1 |
| CVE-2023-41061 | 2023-09-07 | A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution.... |
| CVE-2023-41064 | 2023-09-07 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS... |
| CVE-2023-4528 | 2023-09-07 | JSCAPE MFT Server Unsafe Deserialization on Management Port |
| CVE-2023-4685 | 2023-09-07 | CVE-2023-4685 |
| CVE-2023-20193 | 2023-09-07 | A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and... |
| CVE-2023-20194 | 2023-09-07 | A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit... |
| CVE-2023-41316 | 2023-09-07 | HTML Injection with email in Tolgee |
| CVE-2023-30908 | 2023-09-07 | A remote authentication bypass issue exists in a OneView API. |
| CVE-2023-40029 | 2023-09-07 | Cluster secret might leak in cluster details page in Argo CD |
| CVE-2023-40584 | 2023-09-07 | Denial of Service to Argo CD repo-server |
| CVE-2021-27715 | 2023-09-08 | An issue in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass authentication and execute arbitrary code via a crafted HTTP request. |
| CVE-2021-33834 | 2023-09-08 | An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause... |
| CVE-2021-45811 | 2023-09-08 | A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. |
| CVE-2023-36184 | 2023-09-08 | Mysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json. |
| CVE-2023-37367 | 2023-09-08 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos... |
| CVE-2023-37368 | 2023-09-08 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos... |
| CVE-2023-37377 | 2023-09-08 | An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect... |
| CVE-2023-37759 | 2023-09-08 | Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request. |
| CVE-2023-39076 | 2023-09-08 | Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Software. 2021.03.26 (build version) vehicle causes a Denial of Service (DoS) in the in-car... |
| CVE-2023-39584 | 2023-09-08 | Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. |
| CVE-2023-39620 | 2023-09-08 | An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function. |
| CVE-2023-39676 | 2023-09-08 | FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php. |
| CVE-2023-39712 | 2023-09-08 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the... |
| CVE-2023-40271 | 2023-09-08 | In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm... |
| CVE-2023-40353 | 2023-09-08 | An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application. |
| CVE-2023-40924 | 2023-09-08 | SolarView Compact < 6.00 is vulnerable to Directory Traversal. |
| CVE-2023-40953 | 2023-09-08 | icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF). |
| CVE-2023-41564 | 2023-09-08 | An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file. |
| CVE-2023-41575 | 2023-09-08 | Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-41578 | 2023-09-08 | Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection. |
| CVE-2023-41594 | 2023-09-08 | Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters. |
| CVE-2023-41615 | 2023-09-08 | Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields. |
| CVE-2023-42268 | 2023-09-08 | Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show. |
| CVE-2023-42276 | 2023-09-08 | hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. |
| CVE-2023-42277 | 2023-09-08 | hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. |
| CVE-2023-42278 | 2023-09-08 | hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse(). |
| CVE-2022-27599 | 2023-09-08 | QVR Pro Client |
| CVE-2014-5329 | 2023-09-08 | GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of... |
| CVE-2023-32470 | 2023-09-08 | Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary... |
| CVE-2023-41775 | 2023-09-08 | Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camera, microphone, etc. of the... |
| CVE-2023-34041 | 2023-09-08 | CVE-2023-34041-Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter |
| CVE-2023-4777 | 2023-09-08 | Incorrect Permission Assignment on Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier |
| CVE-2023-4807 | 2023-09-08 | POLY1305 MAC implementation corrupts XMM registers on Windows |
| CVE-2023-4843 | 2023-09-08 | Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by... |
| CVE-2023-39318 | 2023-09-08 | Improper handling of HTML-like comments in script contexts in html/template |
| CVE-2023-39320 | 2023-09-08 | Arbitrary code execution via go.mod toolchain directive in cmd/go |
| CVE-2023-39319 | 2023-09-08 | Improper handling of special tags within script contexts in html/template |
| CVE-2023-39321 | 2023-09-08 | Panic when processing post-handshake message on QUIC connections in crypto/tls |
| CVE-2023-39322 | 2023-09-08 | Memory exhaustion in QUIC connection handling in crypto/tls |
| CVE-2023-4782 | 2023-09-08 | Terraform Allows Arbitrary File Write During Init Operation |
| CVE-2023-28010 | 2023-09-08 | HCL Domino is susceptible to a sensitive information disclosure vulnerability |
| CVE-2023-41338 | 2023-09-08 | Vulnerability in Ctx.IsFromLocal() in gofiber |
| CVE-2023-38736 | 2023-09-08 | IBM QRadar WinCollect Agent privilege escalation |
| CVE-2023-41318 | 2023-09-08 | Unsafe media served inline on download endpoints in matrix-media-repo |
| CVE-2023-32332 | 2023-09-08 | IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection |
| CVE-2022-33164 | 2023-09-08 | IBM Security Directory Server path traversal |
| CVE-2022-22405 | 2023-09-08 | IBM Aspera Faspex information disclosure |
| CVE-2023-24965 | 2023-09-08 | IBM Aspera Faspex improper access control |
| CVE-2023-30995 | 2023-09-08 | IBM Aspera Faspex improper access control |
| CVE-2023-40306 | 2023-09-08 | URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) |
| CVE-2022-22409 | 2023-09-08 | IBM Aspera Faspex information disclosure |
| CVE-2022-22401 | 2023-09-08 | IBM Aspera Faspex information disclosure |
| CVE-2022-22402 | 2023-09-08 | IBM Aspera Faspex cross-site scripting |
| CVE-2023-4844 | 2023-09-08 | SourceCodester Simple Membership System club_edit_query.php sql injection |
| CVE-2023-41915 | 2023-09-09 | OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. |
| CVE-2023-4838 | 2023-09-09 | The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and... |
| CVE-2023-4845 | 2023-09-09 | SourceCodester Simple Membership System account_edit_query.php sql injection |
| CVE-2023-4846 | 2023-09-09 | SourceCodester Simple Membership System delete_member.php sql injection |
| CVE-2023-4847 | 2023-09-09 | SourceCodester Simple Book Catalog App Update Book Form cross site scripting |
| CVE-2023-4848 | 2023-09-09 | SourceCodester Simple Book Catalog App delete_book.php sql injection |
| CVE-2023-4849 | 2023-09-09 | IBOS OA trash&op=del sql injection |
| CVE-2023-4850 | 2023-09-09 | IBOS OA del sql injection |
| CVE-2023-4851 | 2023-09-09 | IBOS OA edit&op=member sql injection |
| CVE-2023-4852 | 2023-09-09 | IBOS OA optimize sql injection |
| CVE-2023-4875 | 2023-09-09 | Undefined Behavior for Input to API in Mutt |
| CVE-2023-4874 | 2023-09-09 | Undefined Behavior for Input to API in Mutt |
| CVE-2023-4864 | 2023-09-09 | SourceCodester Take-Note App index.php cross site scripting |
| CVE-2023-4865 | 2023-09-09 | SourceCodester Take-Note App cross-site request forgery |
| CVE-2023-4866 | 2023-09-09 | SourceCodester Online Tours & Travels Management System booking.php exec sql injection |
| CVE-2023-4867 | 2023-09-10 | Xintian Smart Table Integrated Management System Added Site Page AddUpdateSites.aspx sql injection |
| CVE-2023-4876 | 2023-09-10 | Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure |
| CVE-2023-4877 | 2023-09-10 | Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure |
| CVE-2023-4868 | 2023-09-10 | SourceCodester Contact Manager App add.php cross-site request forgery |
| CVE-2023-4869 | 2023-09-10 | SourceCodester Contact Manager App update.php cross-site request forgery |
| CVE-2023-4870 | 2023-09-10 | SourceCodester Contact Manager App Contact Information index.php cross site scripting |
| CVE-2023-4871 | 2023-09-10 | SourceCodester Contact Manager App delete.php sql injection |
| CVE-2023-4872 | 2023-09-10 | SourceCodester Contact Manager App add.php sql injection |
| CVE-2023-4873 | 2023-09-10 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php os command injection |
| CVE-2023-4878 | 2023-09-10 | Server-Side Request Forgery (SSRF) in instantsoft/icms2 |
| CVE-2023-4879 | 2023-09-10 | Cross-site Scripting (XSS) - Stored in instantsoft/icms2 |
| CVE-2020-19318 | 2023-09-11 | Buffer overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers to execute arbitrary code by sending crafted data to the webserver service program. |
| CVE-2020-19319 | 2023-09-11 | Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login. |
| CVE-2020-19320 | 2023-09-11 | Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login. |
| CVE-2020-19323 | 2023-09-11 | An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No... |
| CVE-2020-19559 | 2023-09-11 | An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter. |
| CVE-2020-24088 | 2023-09-11 | An issue in the MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26 allows local attackers to escalate privileges. |