CVE List - 2023 / June

Showing 101 - 200 of 2395 CVEs for June 2023 (Page 2 of 24)

CVE ID Date Title
CVE-2023-25734 2023-06-02 After downloading a Windows `.url` shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also...
CVE-2023-25735 2023-06-02 Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability...
CVE-2023-25737 2023-06-02 An invalid downcast from `nsTextNode` to `SVGElement` could have led to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CVE-2023-25738 2023-06-02 Members of the `DEVMODEW` struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt...
CVE-2023-25739 2023-06-02 Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in `ScriptLoadContext`. This vulnerability affects Firefox < 110, Thunderbird <...
CVE-2023-25740 2023-06-02 After downloading a Windows `.scf` script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also...
CVE-2023-25741 2023-06-02 When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security...
CVE-2023-25742 2023-06-02 When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8,...
CVE-2023-25743 2023-06-02 A lack of in app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome. *This bug only affects Firefox Focus. Other versions of Firefox are...
CVE-2023-25744 2023-06-02 Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...
CVE-2023-25745 2023-06-02 Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited...
CVE-2023-25746 2023-06-02 Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...
CVE-2023-25748 2023-06-02 By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android....
CVE-2023-25749 2023-06-02 Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an...
CVE-2023-25750 2023-06-02 Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111.
CVE-2023-25751 2023-06-02 Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox <...
CVE-2023-25752 2023-06-02 When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect...
CVE-2023-25780 2023-06-02 Status Internet Co.,Ltd. PowerBPM - Broken Access Control
CVE-2023-27744 2023-06-02 An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution.
CVE-2023-27745 2023-06-02 An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server.
CVE-2023-28159 2023-06-02 The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android....
CVE-2023-28160 2023-06-02 When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox...
CVE-2023-28161 2023-06-02 If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all...
CVE-2023-28162 2023-06-02 While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111,...
CVE-2023-28163 2023-06-02 When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. *This...
CVE-2023-28164 2023-06-02 Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox...
CVE-2023-28176 2023-06-02 Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...
CVE-2023-28177 2023-06-02 Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited...
CVE-2023-28469 2023-06-02 An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall...
CVE-2023-28698 2023-06-02 WADE DIGITAL DESIGN CO, LTD. FANTSY - Broken Access Control
CVE-2023-28699 2023-06-02 WADE DIGITAL DESIGN CO, LTD. FANTSY - Arbitrary File Upload
CVE-2023-28700 2023-06-02 ITPison OMICARD EDM - Arbitrary File Upload
CVE-2023-28701 2023-06-02 ELITE Web Fax - SQL Injection
CVE-2023-28702 2023-06-02 ASUS RT-AC86U - Command Injection
CVE-2023-28703 2023-06-02 ASUS RT-AC86U - Buffer Overflow
CVE-2023-28704 2023-06-02 Furbo dog camera - Command Injection
CVE-2023-28705 2023-06-02 Openfind Mail2000 - XSS (Reflected Cross-site scripting)
CVE-2023-29533 2023-06-02 A website could have obscured the fullscreen notification by using a combination of `window.open`, fullscreen requests, `window.name` assignments, and `setInterval` calls. This could have led to user confusion and possible...
CVE-2023-29535 2023-06-02 Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox...
CVE-2023-29536 2023-06-02 An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects...
CVE-2023-29537 2023-06-02 Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and...
CVE-2023-29538 2023-06-02 Under specific circumstances a WebExtension may have received a `jar:file:///` URI instead of a `moz-extension:///` URI during a load request. This leaked directory paths on the user's machine. This vulnerability...
CVE-2023-29539 2023-06-02 When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks...
CVE-2023-29540 2023-06-02 Using a redirect embedded into `sourceMappingUrls` could allow for navigation to external protocol links in sandboxed iframes without `allow-top-navigation-to-custom-protocols`. This vulnerability affects Firefox for Android < 112, Firefox < 112,...
CVE-2023-29541 2023-06-02 Firefox did not properly handle downloads of files ending in `.desktop`, which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. Other...
CVE-2023-29543 2023-06-02 An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox...
CVE-2023-29544 2023-06-02 If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android...
CVE-2023-29547 2023-06-02 When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have...
CVE-2023-29548 2023-06-02 A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10,...
CVE-2023-29549 2023-06-02 Under certain circumstances, a call to the `bind` function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This...
CVE-2023-29550 2023-06-02 Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...
CVE-2023-29551 2023-06-02 Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited...
CVE-2023-29724 2023-06-02 The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences...
CVE-2023-29725 2023-06-02 The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences...
CVE-2023-30602 2023-06-02 Hitron Technologies Inc. CODA-5310 - Insecure service Telnet
CVE-2023-30603 2023-06-02 Hitron Technologies Inc. CODA-5310 - Using default credentials
CVE-2023-3067 2023-06-02 Cross-site Scripting (XSS) - Stored in zadam/trilium
CVE-2023-3069 2023-06-02 Unverified Password Change in tsolucio/corebos
CVE-2023-3070 2023-06-02 Cross-site Scripting (XSS) - Stored in tsolucio/corebos
CVE-2023-3071 2023-06-02 Cross-site Scripting (XSS) - Stored in tsolucio/corebos
CVE-2023-3073 2023-06-02 Cross-site Scripting (XSS) - Stored in tsolucio/corebos
CVE-2023-3074 2023-06-02 Cross-site Scripting (XSS) - Stored in tsolucio/corebos
CVE-2023-32205 2023-06-02 In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox <...
CVE-2023-32206 2023-06-02 An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVE-2023-32211 2023-06-02 A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVE-2023-32212 2023-06-02 An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVE-2023-32213 2023-06-02 When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVE-2023-32215 2023-06-02 Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox...
CVE-2023-33476 2023-06-02 ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 are vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This...
CVE-2023-33669 2023-06-02 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function.
CVE-2023-33670 2023-06-02 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function.
CVE-2023-33671 2023-06-02 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.
CVE-2023-33672 2023-06-02 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function.
CVE-2023-33673 2023-06-02 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
CVE-2023-33675 2023-06-02 Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function.
CVE-2023-33717 2023-06-02 mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes()
CVE-2023-33731 2023-06-02 Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the URL directly.
CVE-2023-33761 2023-06-02 eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php.
CVE-2023-33762 2023-06-02 eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter.
CVE-2023-33763 2023-06-02 eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php.
CVE-2023-0767 2023-06-02 An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability...
CVE-2023-29746 2023-06-02 An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files.
CVE-2023-30149 2023-06-02 SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows...
CVE-2023-30604 2023-06-02 Hitron Technologies Inc. CODA-5310 - Broken Access Control
CVE-2023-3075 2023-06-02 Cross-Site Request Forgery (CSRF) in tsolucio/corebos
CVE-2023-32207 2023-06-02 A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR <...
CVE-2023-34362 2023-06-02 In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that...
CVE-2023-2201 2023-06-02 The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.7 due to insufficient escaping on the user supplied...
CVE-2023-2060 2023-06-02 Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
CVE-2023-2061 2023-06-02 Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
CVE-2023-2062 2023-06-02 Information Disclosure vulnerability in EtherNet/IP Configuration tools
CVE-2023-2063 2023-06-02 Information disclosure, tampering, deletion and destruction vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
CVE-2023-2835 2023-06-02 The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and...
CVE-2023-1159 2023-06-02 The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This...
CVE-2023-3000 2023-06-02 SQLi in Erikoglu Technology's ErMon
CVE-2023-3056 2023-06-02 YFCMF index.php path traversal
CVE-2023-3032 2023-06-02 Mobatime web application - Arbitrary file upload (RCE)
CVE-2023-3033 2023-06-02 Mobatime web application - broken authorisation mechanisms
CVE-2023-3057 2023-06-02 YFCMF Ajax.php path traversal
CVE-2023-3031 2023-06-02 PrestaShop module King-Avis - Path traversal