CVE List - 2023 / June
Showing 1901 - 2000 of 2395 CVEs for June 2023 (Page 20 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-35165 | 2023-06-23 | AWS CDK EKS overly permissive trust policies |
| CVE-2023-35169 | 2023-06-23 | php-imap vulnerable to RCE through a directory traversal vulnerability |
| CVE-2023-35171 | 2023-06-23 | Nextcloud Server vulnerable to open redirect on "Unsupported browser" warning |
| CVE-2023-35172 | 2023-06-23 | Nextcloud Server password reset endpoint is not brute force protected |
| CVE-2023-35173 | 2023-06-23 | End-to-End encrypted file-drops can be made inaccessible |
| CVE-2023-35927 | 2023-06-23 | Nextcloud system addressbooks can be modified by malicious trusted server |
| CVE-2023-35928 | 2023-06-23 | Nextcloud user scoped external storage can be used to gather credentials of other users |
| CVE-2023-35932 | 2023-06-23 | jcvi vulnerable to Configuration Injection due to unsanitized user input |
| CVE-2023-1783 | 2023-06-23 | OrangeScrum 2.0.11 - AWS Credentials Leak via PDF Rendering |
| CVE-2023-1721 | 2023-06-23 | Yoga Class Registration System 1.0 - RCE |
| CVE-2023-1724 | 2023-06-24 | Faveo Helpdesk Enterprise 6.0.1 - Privilege Escalation via Stored XSS |
| CVE-2023-1722 | 2023-06-24 | Yoga Class Registration System 1.0 - ATO |
| CVE-2023-3197 | 2023-06-24 | The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the... |
| CVE-2023-3388 | 2023-06-24 | The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and... |
| CVE-2023-3387 | 2023-06-24 | The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lana_text_to_image' and 'lana_text_to_img' shortcode in versions up to, and including, 1.0.0 due to insufficient... |
| CVE-2015-20109 | 2023-06-25 | end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by... |
| CVE-2023-36612 | 2023-06-25 | Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using... |
| CVE-2023-36630 | 2023-06-25 | In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass. |
| CVE-2023-36632 | 2023-06-25 | The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly... |
| CVE-2023-36660 | 2023-06-25 | The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. |
| CVE-2023-36663 | 2023-06-25 | it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface. |
| CVE-2023-36664 | 2023-06-25 | Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). |
| CVE-2023-36666 | 2023-06-25 | INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected. |
| CVE-2023-36661 | 2023-06-25 | Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on... |
| CVE-2023-3396 | 2023-06-25 | Campcodes Retro Cellphone Online Store index.php sql injection |
| CVE-2020-20210 | 2023-06-26 | Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images. |
| CVE-2021-31635 | 2023-06-26 | Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function. |
| CVE-2022-40010 | 2023-06-26 | Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module. |
| CVE-2022-48332 | 2023-06-26 | Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow. |
| CVE-2022-48333 | 2023-06-26 | Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow. |
| CVE-2022-48334 | 2023-06-26 | Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow. |
| CVE-2022-48335 | 2023-06-26 | Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow. |
| CVE-2022-48336 | 2023-06-26 | Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow. |
| CVE-2023-25306 | 2023-06-26 | MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal. |
| CVE-2023-25307 | 2023-06-26 | nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal. |
| CVE-2023-27082 | 2023-06-26 | Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file. |
| CVE-2023-28485 | 2023-06-26 | A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments.... |
| CVE-2023-29459 | 2023-06-26 | The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus... |
| CVE-2023-30261 | 2023-06-26 | Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request. |
| CVE-2023-33404 | 2023-06-26 | An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code. |
| CVE-2023-33580 | 2023-06-26 | Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page. |
| CVE-2023-34924 | 2023-06-26 | H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST... |
| CVE-2023-36252 | 2023-06-26 | An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to execute arbitrary code and cause a denial of service via a the session expiration... |
| CVE-2023-36301 | 2023-06-26 | Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet. |
| CVE-2023-36631 | 2023-06-26 | Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the... |
| CVE-2023-36662 | 2023-06-26 | The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 through 2.17.1, User Management for Confluence... |
| CVE-2023-36675 | 2023-06-26 | An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature. |
| CVE-2020-23065 | 2023-06-26 | Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf. |
| CVE-2022-48331 | 2023-06-26 | Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys feature_name_len integer overflow and resultant buffer overflow. |
| CVE-2023-28988 | 2023-06-26 | WordPress Direct checkout, Add to cart redirect for Woocommerce Plugin <= 2.1.48 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28992 | 2023-06-26 | WordPress Coupon Affiliates Plugin <= 5.4.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28991 | 2023-06-26 | WordPress Order date time for WooCommerce Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29093 | 2023-06-26 | WordPress Conditional extra fees for woocommerce Plugin <= 1.0.96 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1619 | 2023-06-26 | WAGO: DoS in multiple versions of multiple products |
| CVE-2023-1620 | 2023-06-26 | WAGO: DoS in multiple products in multiple versions using Codesys |
| CVE-2023-1150 | 2023-06-26 | WAGO: Series 750-3x/-8x prone to MODBUS server DoS |
| CVE-2023-22359 | 2023-06-26 | User-enumeration in RestAPI |
| CVE-2023-29423 | 2023-06-26 | WordPress Cancel order request WooCommerce Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29424 | 2023-06-26 | WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29427 | 2023-06-26 | WordPress Amelia Plugin <= 1.0.75 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29430 | 2023-06-26 | WordPress TheRoof Theme <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-3398 | 2023-06-26 | Denial of Service in jgraph/drawio |
| CVE-2023-29434 | 2023-06-26 | WordPress Optin Forms Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29436 | 2023-06-26 | WordPress IFrame Shortcode Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29435 | 2023-06-26 | WordPress Cryptocurrency All-in-One Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29437 | 2023-06-26 | WordPress Connections Business Directory Plugin <= 10.4.36 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29438 | 2023-06-26 | WordPress SimpleModal Contact Form (SMCF) Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2005 | 2023-06-26 | Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability |
| CVE-2023-35933 | 2023-06-26 | OpenFGA denial of service die to circular relationship |
| CVE-2023-35930 | 2023-06-26 | LookupResources may return partial results in spicedb |
| CVE-2023-2290 | 2023-06-26 | A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. |
| CVE-2023-2992 | 2023-06-26 | An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will... |
| CVE-2023-2993 | 2023-06-26 | A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM... |
| CVE-2023-3113 | 2023-06-26 | An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. |
| CVE-2023-34418 | 2023-06-26 | A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web... |
| CVE-2023-34420 | 2023-06-26 | A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. |
| CVE-2023-34421 | 2023-06-26 | A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. |
| CVE-2023-34422 | 2023-06-26 | A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. |
| CVE-2023-33176 | 2023-06-26 | Blind SSRF When Uploading Presentation in BigBlueButton |
| CVE-2023-35168 | 2023-06-26 | DataEase has a privilege bypass vulnerability |
| CVE-2023-34463 | 2023-06-26 | Unauthorized users can delete applications in DataEase |
| CVE-2023-3420 | 2023-06-26 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-3421 | 2023-06-26 | Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-3422 | 2023-06-26 | Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2023-35164 | 2023-06-26 | Unauthorized users can manipulate a dashboard created by an administrator in DataEase |
| CVE-2023-28929 | 2023-06-26 | Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or... |
| CVE-2023-30902 | 2023-06-26 | A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys... |
| CVE-2023-32521 | 2023-06-26 | A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. |
| CVE-2023-32522 | 2023-06-26 | A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an... |
| CVE-2023-32523 | 2023-06-26 | Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note:... |
| CVE-2023-32524 | 2023-06-26 | Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note:... |
| CVE-2023-32525 | 2023-06-26 | Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain... |
| CVE-2023-32526 | 2023-06-26 | Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain... |
| CVE-2023-32527 | 2023-06-26 | Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first... |
| CVE-2023-32528 | 2023-06-26 | Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first... |
| CVE-2023-32529 | 2023-06-26 | Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an... |
| CVE-2023-32530 | 2023-06-26 | Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an... |
| CVE-2023-32531 | 2023-06-26 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This... |
| CVE-2023-32532 | 2023-06-26 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This... |
| CVE-2023-32533 | 2023-06-26 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This... |