CVE List - 2023 / June
Showing 1601 - 1700 of 2395 CVEs for June 2023 (Page 17 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-2828 | 2023-06-21 | named's configured cache size limit can be significantly exceeded |
| CVE-2023-2829 | 2023-06-21 | Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled |
| CVE-2023-2911 | 2023-06-21 | Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0 |
| CVE-2023-0969 | 2023-06-21 | Global read overflow in Z/IP Gateway |
| CVE-2023-0970 | 2023-06-21 | Serial API Buffer Overflow in Z/IP Gateway |
| CVE-2023-0971 | 2023-06-21 | Command Authentication Bypass in Z/IP Gateway |
| CVE-2023-0972 | 2023-06-21 | Buffer overflow in S0 Decryption on Z/IP Gateway |
| CVE-2023-3110 | 2023-06-21 | Buffer overflow in S0 Decryption on Unify Gateway |
| CVE-2023-27083 | 2023-06-22 | An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. |
| CVE-2023-28094 | 2023-06-22 | Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. |
| CVE-2023-29707 | 2023-06-22 | Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows attackers to create an arbitrary device. |
| CVE-2023-29708 | 2023-06-22 | An issue discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x allows attackers to force a factory reset via crafted payload. |
| CVE-2023-29709 | 2023-06-22 | An issue discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822 allows attackers to bypass authentication. |
| CVE-2023-29711 | 2023-06-22 | An incorrect access control issue discovered in Interlink PSG-5124 version 1.0.4 allows attackers to execute arbitrary code via crafted GET request. |
| CVE-2023-29931 | 2023-06-22 | laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php. |
| CVE-2023-30347 | 2023-06-22 | Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search. |
| CVE-2023-31867 | 2023-06-22 | Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. |
| CVE-2023-31868 | 2023-06-22 | Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor... |
| CVE-2023-32571 | 2023-06-22 | Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed. |
| CVE-2023-33387 | 2023-06-22 | A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link. |
| CVE-2023-34553 | 2023-06-22 | An issue discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack. |
| CVE-2023-34601 | 2023-06-22 | Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml. |
| CVE-2023-34796 | 2023-06-22 | Cross site scripting (XSS) vulnerability in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values. |
| CVE-2023-34923 | 2023-06-22 | XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via... |
| CVE-2023-34927 | 2023-06-22 | Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying... |
| CVE-2023-34939 | 2023-06-22 | Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. |
| CVE-2023-35131 | 2023-06-22 | Moodle: xss risk on groups page |
| CVE-2023-35132 | 2023-06-22 | Moodle: minor sql injection risk on mnet sso access control page |
| CVE-2023-35133 | 2023-06-22 | Moodle: ssrf risk due to insufficient check on the curl blocked hosts |
| CVE-2023-36093 | 2023-06-22 | There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3 |
| CVE-2023-36097 | 2023-06-22 | funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install. |
| CVE-2023-36239 | 2023-06-22 | libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c. |
| CVE-2023-36243 | 2023-06-22 | FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c. |
| CVE-2023-36354 | 2023-06-22 | TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a... |
| CVE-2023-36355 | 2023-06-22 | TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2023-36356 | 2023-06-22 | TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial... |
| CVE-2023-36357 | 2023-06-22 | An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. |
| CVE-2023-36358 | 2023-06-22 | TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of... |
| CVE-2023-36359 | 2023-06-22 | TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of... |
| CVE-2023-36362 | 2023-06-22 | An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-36363 | 2023-06-22 | An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-36364 | 2023-06-22 | An issue in the rel_deps component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-36365 | 2023-06-22 | An issue in the sql_trans_copy_key component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-36366 | 2023-06-22 | An issue in the log_create_delta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-36367 | 2023-06-22 | An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-36368 | 2023-06-22 | An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-36369 | 2023-06-22 | An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-36370 | 2023-06-22 | An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-36371 | 2023-06-22 | An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-28956 | 2023-06-22 | IBM Spectrum Protect Backup-Archive Client privilege escalation |
| CVE-2023-33842 | 2023-06-22 | IBM SPSS Modeler information disclosure |
| CVE-2019-25152 | 2023-06-22 | The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including,... |
| CVE-2023-26115 | 2023-06-22 | All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable. |
| CVE-2023-32449 | 2023-06-22 | Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the... |
| CVE-2023-27631 | 2023-06-22 | WordPress Daily Prayer Time Plugin <= 2023.05.04 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27413 | 2023-06-22 | WordPress W4 Post List Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27629 | 2023-06-22 | WordPress Site Reviews Plugin <= 6.5.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27612 | 2023-06-22 | WordPress Site Reviews Plugin <= 6.5.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28171 | 2023-06-22 | WordPress Brilliance Theme <= 1.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28166 | 2023-06-22 | WordPress Tags Cloud Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28423 | 2023-06-22 | WordPress Modern Footnotes Plugin <= 1.4.15 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28496 | 2023-06-22 | WordPress SMTP2GO Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28534 | 2023-06-22 | WordPress WP Job Portal Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27618 | 2023-06-22 | WordPress Store Locator WordPress Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28695 | 2023-06-22 | WordPress VigilanTor Plugin <= 1.3.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-31213 | 2023-06-22 | WordPress WPBakery Page Builder Plugin < 6.13.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35090 | 2023-06-22 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35093 | 2023-06-22 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control |
| CVE-2023-28784 | 2023-06-22 | WordPress Contest Gallery Plugin <= 21.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28750 | 2023-06-22 | WordPress Albo Pretorio Online Plugin <= 4.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28776 | 2023-06-22 | WordPress Continuous Image Carousel With Lightbox Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28778 | 2023-06-22 | WordPress Pagination by BestWebSoft Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23807 | 2023-06-22 | WordPress MojoPlug Slide Panel Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23795 | 2023-06-22 | WordPress Form Builder Plugin <= 1.9.9.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23811 | 2023-06-22 | WordPress Smoothscroller Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30500 | 2023-06-22 | WordPress WPForms plugins - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2023-20892 | 2023-06-22 | VMware vCenter Server heap-overflow vulnerability |
| CVE-2023-35918 | 2023-06-22 | WordPress WooCommerce Bulk Stock Management Plugin <= 2.2.33 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35917 | 2023-06-22 | WordPress WooCommerce PayPal Payments Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26539 | 2023-06-22 | WordPress Advanced Text Widget Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26534 | 2023-06-22 | WordPress WP Repost Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-20893 | 2023-06-22 | The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute... |
| CVE-2023-20894 | 2023-06-22 | The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write... |
| CVE-2023-20895 | 2023-06-22 | The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption... |
| CVE-2023-27452 | 2023-06-22 | WordPress Button Generator – easily Button Builder Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28174 | 2023-06-22 | WordPress eRocket Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-20896 | 2023-06-22 | The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read... |
| CVE-2023-28418 | 2023-06-22 | WordPress Mediciti Lite Theme <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32239 | 2023-06-22 | WordPress WoodMart Theme <= 7.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-33323 | 2023-06-22 | WordPress ARMember Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34368 | 2023-06-22 | WordPress Kanban Boards for WordPress Plugin <= 2.5.20 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28774 | 2023-06-22 | WordPress Review Stream Plugin <= 1.6.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47593 | 2023-06-22 | WordPress RapidLoad Power-Up for Autoptimize Plugin <= 1.6.35 is vulnerable to SQL Injection |
| CVE-2023-25499 | 2023-06-22 | Possible information disclosure in non visible components |
| CVE-2023-25500 | 2023-06-22 | Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class... |
| CVE-2023-32960 | 2023-06-22 | WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33997 | 2023-06-22 | WordPress bbp style pack Plugin <= 5.5.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34006 | 2023-06-22 | WordPress Telegram Bot & Channel Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35926 | 2023-06-22 | Insecure sandbox in Backstage Scaffolder plugin |
| CVE-2023-35174 | 2023-06-22 | Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows |