Total
2510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29542 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-08-02 | 9.8 Critical |
| A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. | ||||
| CVE-2023-29541 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Focus and 6 more | 2024-08-02 | 8.8 High |
| Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | ||||
| CVE-2023-29375 | 1 Progress | 1 Sitefinity | 2024-08-02 | 9.8 Critical |
| An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector. | ||||
| CVE-2023-29268 | 1 Tibco | 1 Spotfire Statistics Services | 2024-08-02 | 9.8 Critical |
| The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0. | ||||
| CVE-2023-29240 | 1 F5 | 1 Big-iq Centralized Management | 2024-08-02 | 5.4 Medium |
| An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-28962 | 1 Juniper | 1 Junos | 2024-08-02 | 5.3 Medium |
| An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 version 21.1R1 and later versions; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2. | ||||
| CVE-2023-28833 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-02 | 2.4 Low |
| Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provided a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these files by other means but this method could be exploited by tricking an admin into uploading a maliciously named file. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should avoid ingesting logo files from untrusted sources. | ||||
| CVE-2023-23707 | 1 Awsm | 1 Embed Any Document | 2024-08-02 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue affects Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin <= 2.7.1 versions. | ||||
| CVE-2023-28725 | 1 Generalbytes | 1 Crypto Application Server | 2024-08-02 | 9.1 Critical |
| General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44. | ||||
| CVE-2023-28731 | 1 Acymailing | 1 Acymailing | 2024-08-02 | 9.8 Critical |
| AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. | ||||
| CVE-2023-28652 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2024-08-02 | 6.5 Medium |
| An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition. | ||||
| CVE-2023-28700 | 1 Itpison | 1 Omicard Edm | 2024-08-02 | 6.8 Medium |
| OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | ||||
| CVE-2023-28699 | 1 Wddgroup | 1 Fantasy | 2024-08-02 | 8.8 High |
| Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service. | ||||
| CVE-2023-28480 | 1 Tigergraph | 1 Tigergraph | 2024-08-02 | 6.5 Medium |
| An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An attacker who has filesystem access on a remote TigerGraph system can alter the behavior of the database against the will of the database administrator; thus effectively bypassing the built in RBAC controls. | ||||
| CVE-2023-28482 | 1 Tigergraph | 1 Tigergraph | 2024-08-02 | 6.5 Medium |
| An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has permissions to upload data can browse data uploaded by any other user (irrespective of their permissions). | ||||
| CVE-2023-28409 | 1 Mw Wp Form Project | 1 Mw Wp Form | 2024-08-02 | 9.8 Critical |
| Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. | ||||
| CVE-2023-28353 | 2 Faronics, Microsoft | 2 Insight, Windows | 2024-08-02 | 8.8 High |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM. | ||||
| CVE-2023-28337 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2024-08-02 | 8.8 High |
| When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. | ||||
| CVE-2023-28170 | 1 Themely | 1 Theme Demo Import | 2024-08-02 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import.This issue affects Theme Demo Import: from n/a through 1.1.1. | ||||
| CVE-2023-28128 | 1 Ivanti | 1 Avalanche | 2024-08-02 | 7.2 High |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. | ||||