CVE List - 2023 / August
Showing 101 - 200 of 2479 CVEs for August 2023 (Page 2 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-4011 | 2023-08-02 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2023-38556 | 2023-08-02 | Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turn off the printer. [Note] Web Config is the software that allows users to check... |
| CVE-2023-3401 | 2023-08-02 | Improper Control of Generation of Code ('Code Injection') in GitLab |
| CVE-2023-2022 | 2023-08-02 | Missing Authorization in GitLab |
| CVE-2023-4067 | 2023-08-02 | The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including, 5.2.3 due... |
| CVE-2023-3426 | 2023-08-02 | The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a... |
| CVE-2023-26430 | 2023-08-02 | Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extension that are not allowed by App Suite... |
| CVE-2023-26438 | 2023-08-02 | External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able... |
| CVE-2023-26439 | 2023-08-02 | The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted... |
| CVE-2023-26440 | 2023-08-02 | The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access... |
| CVE-2023-26441 | 2023-08-02 | Cacheservice did not correctly check if relative cache objects were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or... |
| CVE-2023-26442 | 2023-08-02 | In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network... |
| CVE-2023-26443 | 2023-08-02 | Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially... |
| CVE-2023-26445 | 2023-08-02 | Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victim's context.... |
| CVE-2023-26446 | 2023-08-02 | The user's clientID at "application passwords" was not sanitized or escaped before being added to the DOM. Malicious script code can be executed within the victim's context. This can lead to... |
| CVE-2023-26447 | 2023-08-02 | The "upsell" widget for the portal allows specifying a product description. This description, taken from a user-controllable jslob, did not get escaped before being added to the DOM. Malicious script... |
| CVE-2023-26448 | 2023-08-02 | Custom log-in and log-out locations are user-defined as jslob but were not checked for malicious protocol handlers. Malicious script code can be executed within the victim's context. This can... |
| CVE-2023-26449 | 2023-08-02 | The "OX Chat" web service did not specify a media type when processing responses from external resources. Malicious script code can be executed within the victim's context. This can lead to... |
| CVE-2023-26450 | 2023-08-02 | The "OX Count" web service did not specify a media type when processing responses from external resources. Malicious script code can be executed within the victim's context. This can lead to... |
| CVE-2023-26451 | 2023-08-02 | Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and... |
| CVE-2022-40609 | 2023-08-02 | IBM SDK, Java Technology Edition code execution |
| CVE-2023-23476 | 2023-08-02 | IBM Robotic Process Automation information disclosure |
| CVE-2023-3470 | 2023-08-02 | BIG-IP FIPS HSM password vulnerability CVE-2023-3470 |
| CVE-2023-36494 | 2023-08-02 | F5OS-A vulnerability |
| CVE-2023-36858 | 2023-08-02 | BIG-IP Edge Client for Windows and macOS vulnerability |
| CVE-2023-38138 | 2023-08-02 | BIG-IP Configuration utility vulnerability |
| CVE-2023-38418 | 2023-08-02 | BIG-IP Edge Client for macOS vulnerability |
| CVE-2023-38419 | 2023-08-02 | BIG-IP and BIG-IQ iControl SOAP vulnerability |
| CVE-2023-38423 | 2023-08-02 | BIG-IP Configuration utility vulnerability |
| CVE-2023-29409 | 2023-08-02 | Large RSA keys can cause high CPU usage in crypto/tls |
| CVE-2023-3978 | 2023-08-02 | Improper rendering of text nodes in golang.org/x/net/html |
| CVE-2023-29408 | 2023-08-02 | Excessive resource consumption in golang.org/x/image/tiff |
| CVE-2023-29407 | 2023-08-02 | Excessive CPU consumption when decoding 0-height images in golang.org/x/image/tiff |
| CVE-2023-3329 | 2023-08-02 | CVE-2023-3329 |
| CVE-2023-1437 | 2023-08-02 | CVE-2023-1437 |
| CVE-2023-1935 | 2023-08-02 | CVE-2023-1935 |
| CVE-2020-20808 | 2023-08-03 | Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php. |
| CVE-2023-25600 | 2023-08-03 | An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed... |
| CVE-2023-26979 | 2023-08-03 | Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the intensity of the stimulator by... |
| CVE-2023-28468 | 2023-08-03 | An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the... |
| CVE-2023-30297 | 2023-08-03 | An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. |
| CVE-2023-32764 | 2023-08-03 | Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. |
| CVE-2023-33363 | 2023-08-03 | An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers. |
| CVE-2023-33364 | 2023-08-03 | An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server. |
| CVE-2023-33365 | 2023-08-03 | A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server. |
| CVE-2023-33366 | 2023-08-03 | A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands. |
| CVE-2023-33368 | 2023-08-03 | Some API routes exist in Control ID IDSecure 4.7.26.0 and prior that exfiltrate sensitive information and passwords to users accessing these API routes. |
| CVE-2023-33369 | 2023-08-03 | A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service. |
| CVE-2023-33370 | 2023-08-03 | An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of... |
| CVE-2023-33371 | 2023-08-03 | Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. |
| CVE-2023-33665 | 2023-08-03 | ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. |
| CVE-2023-33666 | 2023-08-03 | ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. |
| CVE-2023-34196 | 2023-08-03 | In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA... |
| CVE-2023-36082 | 2023-08-03 | An issue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. |
| CVE-2023-36131 | 2023-08-03 | PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter. |
| CVE-2023-36132 | 2023-08-03 | PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control. |
| CVE-2023-36133 | 2023-08-03 | PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change. |
| CVE-2023-36134 | 2023-08-03 | In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. |
| CVE-2023-36135 | 2023-08-03 | User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the... |
| CVE-2023-36137 | 2023-08-03 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0. |
| CVE-2023-36138 | 2023-08-03 | PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php. |
| CVE-2023-36139 | 2023-08-03 | In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. |
| CVE-2023-36141 | 2023-08-03 | User enumeration is found in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the... |
| CVE-2023-36158 | 2023-08-03 | Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My... |
| CVE-2023-36159 | 2023-08-03 | Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields... |
| CVE-2023-36212 | 2023-08-03 | File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function. |
| CVE-2023-36213 | 2023-08-03 | SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function. |
| CVE-2023-36217 | 2023-08-03 | Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function. |
| CVE-2023-36255 | 2023-08-03 | An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL. |
| CVE-2023-36298 | 2023-08-03 | DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE). |
| CVE-2023-36299 | 2023-08-03 | A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php. |
| CVE-2023-37364 | 2023-08-03 | In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of... |
| CVE-2023-37679 | 2023-08-03 | A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. |
| CVE-2023-38941 | 2023-08-03 | django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post. |
| CVE-2023-38942 | 2023-08-03 | Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloud_config.json. |
| CVE-2023-38947 | 2023-08-03 | An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2023-38948 | 2023-08-03 | An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin. |
| CVE-2023-38949 | 2023-08-03 | An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request. |
| CVE-2023-38954 | 2023-08-03 | ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. |
| CVE-2023-38955 | 2023-08-03 | ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names. |
| CVE-2023-38956 | 2023-08-03 | A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. |
| CVE-2023-38958 | 2023-08-03 | An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request. |
| CVE-2023-38991 | 2023-08-03 | An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator. |
| CVE-2023-39075 | 2023-08-03 | Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB... |
| CVE-2023-39096 | 2023-08-03 | WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding. |
| CVE-2023-39097 | 2023-08-03 | WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability. |
| CVE-2023-39121 | 2023-08-03 | emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php. |
| CVE-2023-39144 | 2023-08-03 | Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext. |
| CVE-2023-38950 | 2023-08-03 | A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version... |
| CVE-2023-38951 | 2023-08-03 | ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path... |
| CVE-2023-38952 | 2023-08-03 | Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user... |
| CVE-2023-4068 | 2023-08-03 | Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-4069 | 2023-08-03 | Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-4070 | 2023-08-03 | Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-4071 | 2023-08-03 | Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-4072 | 2023-08-03 | Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security... |
| CVE-2023-4073 | 2023-08-03 | Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium... |
| CVE-2023-4074 | 2023-08-03 | Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-4075 | 2023-08-03 | Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-4076 | 2023-08-03 | Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) |