CVE List - 2023 / June
Showing 1201 - 1300 of 2395 CVEs for June 2023 (Page 13 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-34251 | 2023-06-14 | Grav Server Side Template Injection vulnerability |
| CVE-2023-34252 | 2023-06-14 | Grav Server-side Template Injection via Insufficient Validation in filterFilter |
| CVE-2023-34253 | 2023-06-14 | Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass |
| CVE-2023-34448 | 2023-06-14 | Grav Server-side Template Injection (SSTI) via Twig Default Filters |
| CVE-2023-34452 | 2023-06-14 | Grav vulnerable to Self Cross Site Scripting in /forgot_password |
| CVE-2021-0701 | 2023-06-15 | In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-0945 | 2023-06-15 | In _PMRCreate of the PowerVR kernel driver, a missing bounds check means it is possible to overwrite heap memory via PhysmemNewRamBackedPMR. This could lead to local escalation of privilege with... |
| CVE-2023-21095 | 2023-06-15 | In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2023-21101 | 2023-06-15 | In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2023-21105 | 2023-06-15 | In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2023-21108 | 2023-06-15 | In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support... |
| CVE-2023-21115 | 2023-06-15 | In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with... |
| CVE-2023-21120 | 2023-06-15 | In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2023-21121 | 2023-06-15 | In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of... |
| CVE-2023-21122 | 2023-06-15 | In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation... |
| CVE-2023-21123 | 2023-06-15 | In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation... |
| CVE-2023-21124 | 2023-06-15 | In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2023-21126 | 2023-06-15 | In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2023-21127 | 2023-06-15 | In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2023-21128 | 2023-06-15 | In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege... |
| CVE-2023-21129 | 2023-06-15 | In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege... |
| CVE-2023-21130 | 2023-06-15 | In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2023-21131 | 2023-06-15 | In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and... |
| CVE-2023-21135 | 2023-06-15 | In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-21136 | 2023-06-15 | In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with... |
| CVE-2023-21137 | 2023-06-15 | In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed... |
| CVE-2023-21138 | 2023-06-15 | In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User... |
| CVE-2023-21139 | 2023-06-15 | In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2023-21141 | 2023-06-15 | In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no... |
| CVE-2023-21142 | 2023-06-15 | In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional... |
| CVE-2023-21143 | 2023-06-15 | In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. This could lead to local denial of service with... |
| CVE-2023-21144 | 2023-06-15 | In doInBackground of NotificationContentInflater.java, there is a possible temporary denial of service due to long running operations. This could lead to remote denial of service with no additional execution privileges... |
| CVE-2023-23841 | 2023-06-15 | SolarWinds Serv-U Exposure of Sensitive Information Vulnerability |
| CVE-2023-24030 | 2023-06-15 | An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid... |
| CVE-2023-24031 | 2023-06-15 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to... |
| CVE-2023-24032 | 2023-06-15 | In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM... |
| CVE-2023-28809 | 2023-06-15 | Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability,... |
| CVE-2023-28810 | 2023-06-15 | Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same... |
| CVE-2023-31672 | 2023-06-15 | In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability. |
| CVE-2023-33243 | 2023-06-15 | RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While... |
| CVE-2023-34626 | 2023-06-15 | Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function. |
| CVE-2023-34666 | 2023-06-15 | Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter. |
| CVE-2023-34797 | 2023-06-15 | Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows attackers to access sensitive information. |
| CVE-2023-34800 | 2023-06-15 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main. |
| CVE-2023-34833 | 2023-06-15 | An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2023-34852 | 2023-06-15 | PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions. |
| CVE-2023-34880 | 2023-06-15 | cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file... |
| CVE-2023-21618 | 2023-06-15 | ZDI-CAN-20963: Adobe Substance 3D Designer SBS File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| CVE-2023-22248 | 2023-06-15 | Adobe Commerce Incorrect Authorization Security feature bypass |
| CVE-2023-29287 | 2023-06-15 | Adobe Commerce Information Exposure Security feature bypass |
| CVE-2023-29288 | 2023-06-15 | Adobe Commerce \| Incorrect Authorization (CWE-863) |
| CVE-2023-29289 | 2023-06-15 | Adobe Commerce XML Injection Security feature bypass |
| CVE-2023-29290 | 2023-06-15 | Adobe Commerce Guest Cart Shipping Address Overwrite IDOR |
| CVE-2023-29291 | 2023-06-15 | Server Side Request Forgery (SSRF) in USPS carrier integration configuration |
| CVE-2023-29292 | 2023-06-15 | Server Side Request Forgery (SSRF) in FedEx carrier integration configuration |
| CVE-2023-29293 | 2023-06-15 | Adobe Commerce \| Improper Input Validation (CWE-20) |
| CVE-2023-29294 | 2023-06-15 | Bypass Purchase Order Approval using Company User in Adobe Commerce B2B |
| CVE-2023-29295 | 2023-06-15 | Insecure Direct Object Reference (IDOR) in Create Quote Function |
| CVE-2023-29296 | 2023-06-15 | [Cloud] Customer suspects IDOR vulnerability |
| CVE-2023-29297 | 2023-06-15 | Admin-to-admin stored XSS via cache poisoning |
| CVE-2023-29302 | 2023-06-15 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2023-29304 | 2023-06-15 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2023-29307 | 2023-06-15 | Open Redirect on AEM Target |
| CVE-2023-29321 | 2023-06-15 | Adobe Animate FLA files Use After Free Arbitrary code execution |
| CVE-2023-29322 | 2023-06-15 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2022-22307 | 2023-06-15 | IBM Security Guardium privilege escalation |
| CVE-2023-25683 | 2023-06-15 | IBM PowerVM Hypervisor information disclosure |
| CVE-2022-33163 | 2023-06-15 | IBM Security Directory Suite VA information disclosure |
| CVE-2022-33168 | 2023-06-15 | IBM Security Directory Suite VA denial of service |
| CVE-2022-33159 | 2023-06-15 | IBM Security Directory Suite VA information disclosure |
| CVE-2022-33166 | 2023-06-15 | IBM Security Directory Suite VA file upload |
| CVE-2022-32757 | 2023-06-15 | IBM Security Directory Suite VA information disclosure |
| CVE-2022-32752 | 2023-06-15 | IBM Security Directory Suite VA command execution |
| CVE-2023-3193 | 2023-06-15 | Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary... |
| CVE-2023-35029 | 2023-06-15 | Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to... |
| CVE-2023-35030 | 2023-06-15 | Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute... |
| CVE-2023-2270 | 2023-06-15 | Local privilege escalation |
| CVE-2022-4149 | 2023-06-15 | Local privilege escalation using log file |
| CVE-2023-2847 | 2023-06-15 | Local privilege escalation in ESET products for Linux and MacOS |
| CVE-2023-32229 | 2023-06-15 | Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling... |
| CVE-2023-28175 | 2023-06-15 | Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. |
| CVE-2023-25449 | 2023-06-15 | WordPress CformsII Plugin <=15.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23802 | 2023-06-15 | WordPress HT Easy GA4 ( Google Analytics 4 ) Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25450 | 2023-06-15 | WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25972 | 2023-06-15 | WordPress Старт Plugin <= 3.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-3274 | 2023-06-15 | code-projects Supplier Management System Picture btn_functions.php unrestricted upload |
| CVE-2023-3275 | 2023-06-15 | PHPGurukul Rail Pass Management System POST Request view-pass-detail.php sql injection |
| CVE-2023-3276 | 2023-06-15 | Dromara HuTool XML Parsing Module XmlUtil.java readBySax xml external entity reference |
| CVE-2023-27634 | 2023-06-15 | WordPress Intrepidity Theme <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25055 | 2023-06-15 | WordPress Google XML Sitemap for Videos Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24420 | 2023-06-15 | WordPress Admin side data storage for Contact Form 7 Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34453 | 2023-06-15 | snappy-java's Integer Overflow vulnerability in shuffle leads to DoS |
| CVE-2023-34454 | 2023-06-15 | snappy-java's Integer Overflow vulnerability in compress leads to DoS |
| CVE-2023-34455 | 2023-06-15 | snappy-java's unchecked chunk length leads to DoS |
| CVE-2023-2686 | 2023-06-15 | Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. |
| CVE-2023-2683 | 2023-06-15 | Connection update while closing connection may lead to denial-of-service |
| CVE-2023-34242 | 2023-06-15 | Cilium vulnerable to information leakage via incorrect ReferenceGrant handling |
| CVE-2023-2747 | 2023-06-15 | Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data |
| CVE-2023-2080 | 2023-06-15 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind... |
| CVE-2023-24243 | 2023-06-16 | CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). |