CVE List - 2023 / June
Showing 2201 - 2300 of 2395 CVEs for June 2023 (Page 23 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-34647 | 2023-06-28 | PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-34650 | 2023-06-28 | PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-34651 | 2023-06-28 | PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-34652 | 2023-06-28 | PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course. |
| CVE-2023-34736 | 2023-06-28 | Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload. |
| CVE-2023-34738 | 2023-06-28 | Chemex through 3.7.1 is vulnerable to arbitrary file upload. |
| CVE-2023-34761 | 2023-06-28 | An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter. |
| CVE-2023-34843 | 2023-06-28 | Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request. |
| CVE-2023-34928 | 2023-06-28 | A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| CVE-2023-34929 | 2023-06-28 | A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| CVE-2023-34930 | 2023-06-28 | A stack overflow in the EditMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| CVE-2023-34931 | 2023-06-28 | A stack overflow in the EditWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| CVE-2023-34932 | 2023-06-28 | A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| CVE-2023-34933 | 2023-06-28 | A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| CVE-2023-34934 | 2023-06-28 | A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| CVE-2023-34935 | 2023-06-28 | A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| CVE-2023-34936 | 2023-06-28 | A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| CVE-2023-34937 | 2023-06-28 | A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| CVE-2021-25827 | 2023-06-28 | Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address. |
| CVE-2023-21237 | 2023-06-28 | In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional... |
| CVE-2023-3355 | 2023-06-28 | Null pointer dereference in submit_lookup_cmds() in drivers/gpu/drm/msm/msm_gem_submit.c |
| CVE-2023-3357 | 2023-06-28 | A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system. |
| CVE-2023-3358 | 2023-06-28 | A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. |
| CVE-2023-3359 | 2023-06-28 | An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. The lack of a check of the return value of kzalloc() can cause a NULL pointer dereference. |
| CVE-2023-3439 | 2023-06-28 | A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be... |
| CVE-2023-3330 | 2023-06-28 | Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N... |
| CVE-2023-3331 | 2023-06-28 | Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N,... |
| CVE-2023-3332 | 2023-06-28 | Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N... |
| CVE-2023-3333 | 2023-06-28 | Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N,... |
| CVE-2023-3427 | 2023-06-28 | The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on... |
| CVE-2022-48505 | 2023-06-28 | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. |
| CVE-2023-3407 | 2023-06-28 | The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test... |
| CVE-2023-1844 | 2023-06-28 | The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40.... |
| CVE-2023-32623 | 2023-06-28 | Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server. |
| CVE-2023-26134 | 2023-06-28 | Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo() fails to sanitize its parameter commit, which later flows into a... |
| CVE-2023-3034 | 2023-06-28 | Reflected XSS in BKG Ntrip Professional Caster version <=2.0.44 |
| CVE-2023-1295 | 2023-06-28 | Privilege escalation with IO_RING_OP_CLOSE in the Linux Kernel |
| CVE-2023-3445 | 2023-06-28 | Cross-site Scripting (XSS) - Stored in spinacms/spina |
| CVE-2023-36467 | 2023-06-28 | AWS data.all vulnerable to RCE through user injection of Python Commands |
| CVE-2023-27866 | 2023-06-28 | IBM Informix JDBC code execution |
| CVE-2023-2625 | 2023-06-28 | A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to... |
| CVE-2021-31937 | 2023-06-28 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-3449 | 2023-06-28 | IBOS OA Interview Management Export export&interviews=x actionExport sql injection |
| CVE-2023-3450 | 2023-06-28 | Ruijie RG-BCR860 Network Diagnostic Page os command injection |
| CVE-2023-3090 | 2023-06-28 | Out-of-bounds write in Linux kernel's ipvlan network driver |
| CVE-2023-3389 | 2023-06-28 | Use after free in io_uring in the Linux Kernel |
| CVE-2023-3390 | 2023-06-28 | Use-after-free in Linux kernel's netfilter subsystem |
| CVE-2023-3243 | 2023-06-28 | ** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could... |
| CVE-2023-36474 | 2023-06-28 | Interactsh server settings make users vulnerable to Subdomain Takeover |
| CVE-2023-36475 | 2023-06-28 | Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution |
| CVE-2020-26708 | 2023-06-29 | requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. |
| CVE-2020-26709 | 2023-06-29 | py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. |
| CVE-2020-26710 | 2023-06-29 | easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. |
| CVE-2022-44719 | 2023-06-29 | An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions. |
| CVE-2022-44720 | 2023-06-29 | An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection can occur, related to chroot. |
| CVE-2022-46407 | 2023-06-29 | Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request... |
| CVE-2022-46408 | 2023-06-29 | Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead... |
| CVE-2023-26085 | 2023-06-29 | A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02. |
| CVE-2023-26612 | 2023-06-29 | D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo. |
| CVE-2023-26613 | 2023-06-29 | An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL. |
| CVE-2023-26616 | 2023-06-29 | D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo. |
| CVE-2023-33277 | 2023-06-29 | The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL. |
| CVE-2023-33466 | 2023-06-29 | Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite... |
| CVE-2023-34486 | 2023-06-29 | itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection... |
| CVE-2023-34487 | 2023-06-29 | itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through... |
| CVE-2023-34598 | 2023-06-29 | Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response. |
| CVE-2023-34599 | 2023-06-29 | Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. |
| CVE-2023-34648 | 2023-06-29 | A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script... |
| CVE-2023-34656 | 2023-06-29 | An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 thru 4.1 allows attackers to gain escalated privileges. |
| CVE-2023-34658 | 2023-06-29 | Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController. |
| CVE-2023-34734 | 2023-06-29 | Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting (XSS). |
| CVE-2023-34735 | 2023-06-29 | Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection. |
| CVE-2023-34831 | 2023-06-29 | The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form ("id" and "title" HTTP POST parameters)... |
| CVE-2023-34834 | 2023-06-29 | A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint. |
| CVE-2023-34844 | 2023-06-29 | Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape. |
| CVE-2023-34849 | 2023-06-29 | An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1. |
| CVE-2023-35830 | 2023-06-29 | STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for... |
| CVE-2023-36484 | 2023-06-29 | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS). |
| CVE-2023-36487 | 2023-06-29 | The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. |
| CVE-2023-37237 | 2023-06-29 | In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. |
| CVE-2023-37251 | 2023-06-29 | An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use... |
| CVE-2023-37254 | 2023-06-29 | An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format. |
| CVE-2023-37255 | 2023-06-29 | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP... |
| CVE-2023-37256 | 2023-06-29 | An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs. |
| CVE-2023-25433 | 2023-06-29 | libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop causes a heap-buffer-overflow and SEGV. |
| CVE-2023-26966 | 2023-06-29 | libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. |
| CVE-2023-36488 | 2023-06-29 | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS). |
| CVE-2023-36617 | 2023-06-29 | A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time... |
| CVE-2023-36476 | 2023-06-29 | `calamares-nixos-extensions` LUKS keyfile exposure |
| CVE-2022-29144 | 2023-06-29 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-29146 | 2023-06-29 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2022-29147 | 2023-06-29 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2023-32610 | 2023-06-29 | Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition. |
| CVE-2022-26899 | 2023-06-29 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-2982 | 2023-06-29 | The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient... |
| CVE-2023-1602 | 2023-06-29 | The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and including,... |
| CVE-2022-23264 | 2023-06-29 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2023-3447 | 2023-06-29 | The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the... |
| CVE-2023-22886 | 2023-06-29 | Apache Airflow JDBC Provider: RCE Vulnerability |
| CVE-2023-3457 | 2023-06-29 | SourceCodester Shopping Website index.php sql injection |