CVE List - 2023 / June
Showing 1 - 100 of 2395 CVEs for June 2023 (Page 1 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-23953 | 2023-06-01 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. |
| CVE-2023-23954 | 2023-06-01 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. |
| CVE-2023-23955 | 2023-06-01 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. |
| CVE-2023-27639 | 2023-06-01 | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter file_name in the tshirtecommerce/ajax.php?type=svg endpoint,... |
| CVE-2023-27640 | 2023-06-01 | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint,... |
| CVE-2023-28147 | 2023-06-01 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard... |
| CVE-2023-28399 | 2023-06-01 | Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the... |
| CVE-2023-28651 | 2023-06-01 | Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings,... |
| CVE-2023-28657 | 2023-06-01 | Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of the PC where the affected product is installed may gain an administrative privilege.... |
| CVE-2023-28713 | 2023-06-01 | Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a... |
| CVE-2023-28824 | 2023-06-01 | Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database... |
| CVE-2023-28937 | 2023-06-01 | DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes... |
| CVE-2023-29154 | 2023-06-01 | SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary... |
| CVE-2023-29159 | 2023-06-01 | Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. |
| CVE-2023-29722 | 2023-06-01 | The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal... |
| CVE-2023-29723 | 2023-06-01 | The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal... |
| CVE-2023-29736 | 2023-06-01 | Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution. |
| CVE-2023-29748 | 2023-06-01 | Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to... |
| CVE-2023-3026 | 2023-06-01 | Cross-site Scripting (XSS) - Stored in jgraph/drawio |
| CVE-2023-30758 | 2023-06-01 | Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. |
| CVE-2023-33461 | 2023-06-01 | iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return. |
| CVE-2023-33544 | 2023-06-01 | hawtio 2.17.2 is vulnerable to Path Traversal. It is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even... |
| CVE-2023-33546 | 2023-06-01 | Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could... |
| CVE-2023-33551 | 2023-06-01 | Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. |
| CVE-2023-33552 | 2023-06-01 | Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. |
| CVE-2023-33716 | 2023-06-01 | mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.cpp. |
| CVE-2023-33719 | 2023-06-01 | mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp |
| CVE-2023-33754 | 2023-06-01 | The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user... |
| CVE-2023-33764 | 2023-06-01 | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component #/de/casting/show/detail/<ID>. |
| CVE-2023-33778 | 2023-06-01 | Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption... |
| CVE-2023-34312 | 2023-06-01 | In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition. |
| CVE-2023-2598 | 2023-06-01 | A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of... |
| CVE-2023-2977 | 2023-06-01 | A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The... |
| CVE-2023-2985 | 2023-06-01 | A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. |
| CVE-2022-35742 | 2023-06-01 | Microsoft Outlook Denial of Service Vulnerability |
| CVE-2023-24584 | 2023-06-01 | Controller 6000 buffer overflow via upload feature in web interface |
| CVE-2010-10010 | 2023-06-01 | Stars Alliance PsychoStats login.php cross site scripting |
| CVE-2023-3028 | 2023-06-01 | Improper backend communication allows access and manipulation of the telemetry data |
| CVE-2022-4333 | 2023-06-01 | Sprecher: Sprecon maintenance access with hardcoded credentials |
| CVE-2022-4332 | 2023-06-01 | Sprecher: Vulnerable firmware verification |
| CVE-2023-3029 | 2023-06-01 | Guangdong Pythagorean OA Office System delete cross-site request forgery |
| CVE-2018-25086 | 2023-06-01 | sea75300 FanPress CM Template Preview templatepreview.php getArticlesPreview cross site scripting |
| CVE-2023-32181 | 2023-06-01 | Stack buffer overflow in "econf_writeFile" function |
| CVE-2023-22652 | 2023-06-01 | Stack buffer overflow in "read_file" function |
| CVE-2023-22648 | 2023-06-01 | An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would... |
| CVE-2023-22647 | 2023-06-01 | An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted,... |
| CVE-2022-43760 | 2023-06-01 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to inject code that is executed within another... |
| CVE-2014-125104 | 2023-06-01 | VaultPress Plugin MailPoet Plugin class.vaultpress-hotfixes.php protect_aioseo_ajax unrestricted upload |
| CVE-2015-10109 | 2023-06-01 | Video Playlist and Gallery Plugin wp-media-cincopa.php cross-site request forgery |
| CVE-2023-3035 | 2023-06-01 | Guangdong Pythagorean OA Office System Schedule cross site scripting |
| CVE-2023-33965 | 2023-06-01 | Brook's tproxy server is vulnerable to a drive-by command injection. |
| CVE-2023-32310 | 2023-06-01 | DataEase API interface has IDOR vulnerability |
| CVE-2023-33963 | 2023-06-01 | DataEase data source has deserialization vulnerability |
| CVE-2023-28066 | 2023-06-01 | Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on... |
| CVE-2023-28043 | 2023-06-01 | Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain... |
| CVE-2023-32324 | 2023-06-01 | OpenPrinting CUPS vulnerable to heap buffer overflow |
| CVE-2023-32690 | 2023-06-01 | Responder can Invoke Undefined Behavior in libspdm Requester |
| CVE-2023-33960 | 2023-06-01 | OpenProject vulnerable to project identifier information leakage through robots.txt |
| CVE-2023-34091 | 2023-06-01 | Kyverno resource with a deletionTimestamp may allow policy circumvention |
| CVE-2023-34092 | 2023-06-01 | Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) |
| CVE-2023-32708 | 2023-06-01 | HTTP Response Splitting via the ‘rest’ SPL Command |
| CVE-2023-32711 | 2023-06-01 | Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View |
| CVE-2023-32715 | 2023-06-01 | Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing |
| CVE-2023-32706 | 2023-06-01 | Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication |
| CVE-2023-32717 | 2023-06-01 | Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results |
| CVE-2023-32710 | 2023-06-01 | Information Disclosure via the ‘copyresults’ SPL Command |
| CVE-2023-32716 | 2023-06-01 | Denial of Service via the 'dump' SPL command |
| CVE-2023-32714 | 2023-06-01 | Path Traversal in Splunk App for Lookup File Editing |
| CVE-2023-32712 | 2023-06-01 | Unauthenticated Log Injection in Splunk Enterprise |
| CVE-2023-32713 | 2023-06-01 | Local Privilege Escalation via the ‘streamfwd’ program in Splunk App for Stream |
| CVE-2023-32707 | 2023-06-01 | ‘edit_user’ Capability Privilege Escalation |
| CVE-2023-32709 | 2023-06-01 | Low-privileged User can View Hashed Default Splunk Password |
| CVE-2023-34339 | 2023-06-01 | In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message |
| CVE-2015-10110 | 2023-06-01 | ruddernation TinyChat Room Spy Plugin room-spy.php wp_show_room_spy cross site scripting |
| CVE-2016-15032 | 2023-06-01 | mback2k mh_httpbl Extension class.tx_mhhttpbl.php stopOutput cross site scripting |
| CVE-2022-24695 | 2023-06-02 | Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully... |
| CVE-2022-45938 | 2023-06-02 | An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote... |
| CVE-2022-46307 | 2023-06-02 | SGUDA U-Lock - Broken Access Control |
| CVE-2022-46308 | 2023-06-02 | SGUDA U-Lock - Broken Access Control |
| CVE-2022-47616 | 2023-06-02 | Hitron Technologies Inc. CODA-5310 - Remote Command Execution |
| CVE-2022-47617 | 2023-06-02 | Hitron Technologies Inc. CODA-5310 - Hard-coded Cryptographic Key |
| CVE-2023-0430 | 2023-06-02 | Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to... |
| CVE-2023-0547 | 2023-06-02 | OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this... |
| CVE-2023-0616 | 2023-06-02 | If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to... |
| CVE-2023-1945 | 2023-06-02 | Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. |
| CVE-2023-23597 | 2023-06-02 | A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new... |
| CVE-2023-23598 | 2023-06-02 | Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read... |
| CVE-2023-23599 | 2023-06-02 | When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within.... |
| CVE-2023-23600 | 2023-06-02 | Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This led to the possibility of notifications... |
| CVE-2023-23601 | 2023-06-02 | Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird... |
| CVE-2023-23602 | 2023-06-02 | A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from... |
| CVE-2023-23603 | 2023-06-02 | Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't accounting for external URLs. Data could then be potentially exfiltrated from the... |
| CVE-2023-23604 | 2023-06-02 | A duplicate `SystemPrincipal` object could be created when parsing a non-system html document via `DOMParser::ParseFromSafeString`. This could have led to bypassing web security checks. This vulnerability affects Firefox < 109. |
| CVE-2023-23605 | 2023-06-02 | Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these... |
| CVE-2023-23606 | 2023-06-02 | Memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited... |
| CVE-2023-25728 | 2023-06-02 | The `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird <... |
| CVE-2023-25729 | 2023-06-02 | Permission prompts for opening external schemes were only shown for `ContentPrincipals` resulting in extensions being able to open them without user interaction via `ExpandedPrincipals`. This could lead to further malicious... |
| CVE-2023-25730 | 2023-06-02 | A background script invoking `requestFullscreen` and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects... |
| CVE-2023-25731 | 2023-06-02 | Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects... |
| CVE-2023-25732 | 2023-06-02 | When encoding data from an `inputStream` in `xpcom` the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability... |