Lista CVE - 2023 / Agosto
Visualizzazione 301 - 400 di 2479 CVE per Agosto 2023 (Pagina 4 di 25)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2023-39551 | 2023-08-04 | PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php. |
| CVE-2023-29505 | 2023-08-04 | An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking. |
| CVE-2023-39143 | 2023-08-04 | PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device... |
| CVE-2023-39343 | 2023-08-04 | Sulu Observable Response Discrepancy on Admin Login |
| CVE-2023-38708 | 2023-08-04 | Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction |
| CVE-2023-4002 | 2023-08-04 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-4140 | 2023-08-04 | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes... |
| CVE-2023-4139 | 2023-08-04 | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and... |
| CVE-2023-4141 | 2023-08-04 | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with... |
| CVE-2023-4142 | 2023-08-04 | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with... |
| CVE-2023-39379 | 2023-08-04 | Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in... |
| CVE-2023-34037 | 2023-08-04 | VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests. |
| CVE-2023-34038 | 2023-08-04 | VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration. |
| CVE-2023-4135 | 2023-08-04 | Out-of-bounds read information disclosure vulnerability |
| CVE-2023-36480 | 2023-08-04 | Aerospike Java Client vulnerable to unsafe deserialization of server responses |
| CVE-2023-37470 | 2023-08-04 | Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint |
| CVE-2023-37896 | 2023-08-04 | Nuclei Path Traversal vulnerability |
| CVE-2023-38487 | 2023-08-04 | HedgeDoc API allows to hide existing notes |
| CVE-2023-38494 | 2023-08-04 | The cloud version of the MeterSphere interface leaks some sensitive data without authentication |
| CVE-2023-38497 | 2023-08-04 | Cargo not respecting umask when extracting crate archives |
| CVE-2023-38686 | 2023-08-04 | Sydent does not verify email server certificates |
| CVE-2023-38688 | 2023-08-04 | twitch-tui's connection is not encrypted |
| CVE-2023-38689 | 2023-08-04 | Deserialization of Untrusted Data in network IO |
| CVE-2023-38690 | 2023-08-04 | matrix-appservice-irc IRC command injection via admin commands containing newlines |
| CVE-2023-38691 | 2023-08-04 | matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs |
| CVE-2023-0264 | 2023-08-04 | A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm... |
| CVE-2023-4157 | 2023-08-04 | Improper Neutralization of Special Elements in Output Used by a Downstream Component in omeka/omeka-s |
| CVE-2023-4158 | 2023-08-04 | Cross-site Scripting (XSS) - Stored in omeka/omeka-s |
| CVE-2023-4159 | 2023-08-04 | Unrestricted Upload of File with Dangerous Type in omeka/omeka-s |
| CVE-2023-38692 | 2023-08-04 | Command injection vulnerability in module management function in CloudExplorer Lite |
| CVE-2023-38695 | 2023-08-04 | cypress-image-snapshot vulnerable to insecure snapshot file names |
| CVE-2023-38697 | 2023-08-04 | protocol-http1 HTTP Request/Response Smuggling vulnerability |
| CVE-2023-38698 | 2023-08-04 | .eth registrar controller can shorten the duration of registered names |
| CVE-2023-38699 | 2023-08-04 | MindsDB 'Call to requests with verify=False disabling SSL certificate checks, security issue.' issue |
| CVE-2023-38700 | 2023-08-04 | matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms |
| CVE-2023-38702 | 2023-08-04 | Knowage Server vulnerable to path traversal via upload functionality |
| CVE-2022-4955 | 2023-08-04 | Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted... |
| CVE-2023-39344 | 2023-08-04 | social-media-skeleton vulnerable to Pre-Auth SQLi leading to RCE |
| CVE-2023-39346 | 2023-08-04 | bjrjk/LinuxASMCallGraph before commit 20dba06 allows attackers to cause a RCE on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file |
| CVE-2020-26082 | 2023-08-04 | A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured... |
| CVE-2020-26065 | 2023-08-04 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files... |
| CVE-2020-26064 | 2023-08-04 | A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an... |
| CVE-2020-23564 | 2023-08-05 | File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php. |
| CVE-2022-46782 | 2023-08-05 | An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code... |
| CVE-2023-33367 | 2023-08-05 | A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution. |
| CVE-2023-36095 | 2023-08-05 | An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt. |
| CVE-2023-38943 | 2023-08-05 | ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. |
| CVE-2023-39508 | 2023-08-05 | Apache Airflow: Airflow "Run task" feature allows execution with unnecessary priviledges |
| CVE-2023-4165 | 2023-08-05 | Tongda OA delete_seal.php sql injection |
| CVE-2023-4166 | 2023-08-05 | Tongda OA delete_log.php sql injection |
| CVE-2023-4167 | 2023-08-05 | Media Browser Emby Server cross site scripting |
| CVE-2023-4187 | 2023-08-05 | Cross-site Scripting (XSS) - Stored in instantsoft/icms2 |
| CVE-2023-4168 | 2023-08-05 | Templatecookie Adlisting Redirect ad-list information disclosure |
| CVE-2023-4169 | 2023-08-05 | Ruijie RG-EW1200G Administrator Password set_passwd access control |
| CVE-2023-4170 | 2023-08-05 | DedeBIZ Article cross site scripting |
| CVE-2023-4188 | 2023-08-05 | SQL Injection in instantsoft/icms2 |
| CVE-2023-4189 | 2023-08-05 | Cross-site Scripting (XSS) - Reflected in instantsoft/icms2 |
| CVE-2023-4171 | 2023-08-05 | Chengdu Flash Flood Disaster Monitoring and Warning System FileDownload.ashx path traversal |
| CVE-2023-37874 | 2023-08-05 | WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37873 | 2023-08-05 | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-36689 | 2023-08-05 | WordPress WPFactory Helper Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-36686 | 2023-08-05 | WordPress CartFlows Pro Plugin <= 1.11.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30491 | 2023-08-05 | WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-36678 | 2023-08-05 | WordPress WP Content Copy Protection & No Right Click Plugin <= 3.5.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34377 | 2023-08-05 | WordPress My Content Management Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34010 | 2023-08-05 | WordPress Media Library Assistant Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4172 | 2023-08-05 | Chengdu Flash Flood Disaster Monitoring and Warning System FileHandler.ashx absolute path traversal |
| CVE-2023-32600 | 2023-08-05 | WordPress Rank Math SEO Plugin <= 1.0.119 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4173 | 2023-08-06 | mooSocial mooStore index cross site scripting |
| CVE-2023-4190 | 2023-08-06 | Insufficient Session Expiration in admidio/admidio |
| CVE-2023-4174 | 2023-08-06 | mooSocial mooStore cross site scripting |
| CVE-2023-4175 | 2023-08-06 | mooSocial mooTravel cross site scripting |
| CVE-2023-4176 | 2023-08-06 | SourceCodester Hospital Management System appointmentapproval.php sql injection |
| CVE-2023-4177 | 2023-08-06 | EmpowerID Multi-Factor Authentication Code information disclosure |
| CVE-2023-37581 | 2023-08-06 | Apache Roller: Roller's weblog category, weblog settings and file-upload features did not properly sanitize input could be exploited to perform Reflected Cross Site Scripting (XSS) even on a Roller site configured for untrusted users. |
| CVE-2023-4179 | 2023-08-06 | SourceCodester Free Hospital Management System for Small Practices sql injection |
| CVE-2023-4180 | 2023-08-06 | SourceCodester Free Hospital Management System for Small Practices login.php sql injection |
| CVE-2023-4181 | 2023-08-06 | SourceCodester Free Hospital Management System for Small Practices Redirect behavioral workflow |
| CVE-2023-4182 | 2023-08-06 | SourceCodester Inventory Management System edit_sell.php sql injection |
| CVE-2023-4183 | 2023-08-06 | SourceCodester Inventory Management System Password edit_update.php access control |
| CVE-2023-4184 | 2023-08-06 | SourceCodester Inventory Management System sell_return.php sql injection |
| CVE-2023-4185 | 2023-08-06 | SourceCodester Online Hospital Management System patientlogin.php sql injection |
| CVE-2023-4186 | 2023-08-06 | SourceCodester Pharmacy Management System manage_website.php unrestricted upload |
| CVE-2023-4195 | 2023-08-06 | PHP Remote File Inclusion in cockpit-hq/cockpit |
| CVE-2023-4196 | 2023-08-06 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit |
| CVE-2023-4191 | 2023-08-06 | SourceCodester Resort Reservation System index.php file inclusion |
| CVE-2023-4192 | 2023-08-06 | SourceCodester Resort Reservation System manage_user.php sql injection |
| CVE-2022-38795 | 2023-08-07 | In Gitea through 1.17.1, repo cloning can occur in the migration function. |
| CVE-2022-48579 | 2023-08-07 | UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. |
| CVE-2023-32783 | 2023-08-07 | The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the... |
| CVE-2023-36054 | 2023-08-07 | lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec... |
| CVE-2023-36220 | 2023-08-07 | Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function. |
| CVE-2023-36499 | 2023-08-07 | Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi. |
| CVE-2023-38412 | 2023-08-07 | Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. |
| CVE-2023-38591 | 2023-08-07 | Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. |
| CVE-2023-38921 | 2023-08-07 | Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. |
| CVE-2023-38922 | 2023-08-07 | Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function. |
| CVE-2023-38924 | 2023-08-07 | Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. |
| CVE-2023-38925 | 2023-08-07 | Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi. |
| CVE-2023-38926 | 2023-08-07 | Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. |