CVE List - 2023 / August
Showing 1301 - 1400 of 2479 CVEs for August 2023 (Page 14 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-27939 | 2023-08-14 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. |
| CVE-2022-32876 | 2023-08-14 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication. |
| CVE-2022-46706 | 2023-08-14 | A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be... |
| CVE-2022-22646 | 2023-08-14 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to modify protected parts of the file... |
| CVE-2020-36615 | 2023-08-14 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted font may lead to arbitrary code execution. |
| CVE-2022-48503 | 2023-08-14 | The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content... |
| CVE-2023-27948 | 2023-08-14 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. |
| CVE-2023-28479 | 2023-08-15 | An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each... |
| CVE-2023-38840 | 2023-08-15 | Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. |
| CVE-2023-38850 | 2023-08-15 | Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an attacker to cause a denial of service via the codedoc.c:1742 component. |
| CVE-2023-38851 | 2023-08-15 | Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018. |
| CVE-2023-38853 | 2023-08-15 | Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015. |
| CVE-2023-38854 | 2023-08-15 | Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in xlstool.c:296. |
| CVE-2023-38855 | 2023-08-15 | Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395. |
| CVE-2023-38856 | 2023-08-15 | Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411. |
| CVE-2023-38857 | 2023-08-15 | Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. |
| CVE-2023-38858 | 2023-08-15 | Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039. |
| CVE-2023-38860 | 2023-08-15 | An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. |
| CVE-2023-38861 | 2023-08-15 | An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi. |
| CVE-2023-38862 | 2023-08-15 | An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt. |
| CVE-2023-38863 | 2023-08-15 | An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. |
| CVE-2023-38864 | 2023-08-15 | An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt. |
| CVE-2023-38865 | 2023-08-15 | COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr. |
| CVE-2023-38866 | 2023-08-15 | COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name. |
| CVE-2023-38889 | 2023-08-15 | An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of alluxio.util.CommonUtils.getUnixGroups(java.lang.String). |
| CVE-2023-38896 | 2023-08-15 | An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. |
| CVE-2023-38898 | 2023-08-15 | An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any... |
| CVE-2023-38915 | 2023-08-15 | File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbitrary code via the upload type function. |
| CVE-2023-38916 | 2023-08-15 | SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields. |
| CVE-2023-39659 | 2023-08-15 | An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. |
| CVE-2023-39661 | 2023-08-15 | An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function. |
| CVE-2023-39662 | 2023-08-15 | An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function. |
| CVE-2023-39841 | 2023-08-15 | Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. |
| CVE-2023-39842 | 2023-08-15 | Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. |
| CVE-2023-39843 | 2023-08-15 | Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. |
| CVE-2023-39850 | 2023-08-15 | Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php. |
| CVE-2023-39852 | 2023-08-15 | Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is... |
| CVE-2023-38852 | 2023-08-15 | Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266. |
| CVE-2023-39851 | 2023-08-15 | webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is... |
| CVE-2023-4347 | 2023-08-15 | Cross-site Scripting (XSS) - Reflected in librenms/librenms |
| CVE-2023-4308 | 2023-08-15 | User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content' |
| CVE-2023-2916 | 2023-08-15 | The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level... |
| CVE-2023-30747 | 2023-08-15 | WordPress WooCommerce Easy Duplicate Product Plugin <= 0.3.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30778 | 2023-08-15 | WordPress PowerPress Podcasting Plugin <= 10.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24478 | 2023-08-15 | Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to... |
| CVE-2023-30498 | 2023-08-15 | WordPress Vimeotheque Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4371 | 2023-08-15 | phpRecDB index.php cross site scripting |
| CVE-2023-32006 | 2023-08-15 | The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy... |
| CVE-2023-32004 | 2023-08-15 | A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal... |
| CVE-2023-32003 | 2023-08-15 | `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the... |
| CVE-2023-35082 | 2023-08-15 | An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to... |
| CVE-2023-39438 | 2023-08-15 | Missing Authorization check allows certain operations on CLA Assistant data |
| CVE-2023-2312 | 2023-08-15 | Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a... |
| CVE-2023-4349 | 2023-08-15 | Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-4350 | 2023-08-15 | Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML... |
| CVE-2023-4351 | 2023-08-15 | Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML... |
| CVE-2023-4352 | 2023-08-15 | Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-4353 | 2023-08-15 | Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-4354 | 2023-08-15 | Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2023-4355 | 2023-08-15 | Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-4356 | 2023-08-15 | Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap... |
| CVE-2023-4357 | 2023-08-15 | Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-4358 | 2023-08-15 | Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-4359 | 2023-08-15 | Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page.... |
| CVE-2023-4360 | 2023-08-15 | Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-4361 | 2023-08-15 | Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-4362 | 2023-08-15 | Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to... |
| CVE-2023-4363 | 2023-08-15 | Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium... |
| CVE-2023-4364 | 2023-08-15 | Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-4365 | 2023-08-15 | Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-4366 | 2023-08-15 | Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2023-4367 | 2023-08-15 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via... |
| CVE-2023-4368 | 2023-08-15 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via... |
| CVE-2023-4369 | 2023-08-15 | Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions... |
| CVE-2023-40028 | 2023-08-15 | Arbitrary file read via symlinks in Ghost |
| CVE-2023-40027 | 2023-08-15 | Conditionally missing authorization in @keystone-6/core |
| CVE-2023-4345 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to client-side control bypass |
| CVE-2023-38401 | 2023-08-15 | Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client |
| CVE-2023-4323 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup |
| CVE-2023-4344 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection |
| CVE-2023-4343 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter |
| CVE-2023-4342 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy |
| CVE-2023-4341 | 2023-08-15 | Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI |
| CVE-2023-4340 | 2023-08-15 | Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file |
| CVE-2023-4339 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions |
| CVE-2023-4338 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers |
| CVE-2023-4337 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation |
| CVE-2023-4336 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute |
| CVE-2023-4335 | 2023-08-15 | Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux |
| CVE-2023-4334 | 2023-08-15 | Broadcom RAID Controller Web server (nginx) is serving private files without any authentication |
| CVE-2023-4333 | 2023-08-15 | Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server |
| CVE-2023-4332 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file |
| CVE-2023-4331 | 2023-08-15 | Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete and vulnerable TLS protocols |
| CVE-2023-4329 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute |
| CVE-2023-4328 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux |
| CVE-2023-4327 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux |
| CVE-2023-4326 | 2023-08-15 | Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites |
| CVE-2023-4325 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities |
| CVE-2023-4324 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers |
| CVE-2023-38402 | 2023-08-15 | Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client |