CVE List - 2023 / June
Showing 2301 - 2395 of 2395 CVEs for June 2023 (Page 24 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-3458 | 2023-06-29 | SourceCodester Shopping Website forgot-password.php sql injection |
| CVE-2015-1313 | 2023-06-29 | JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files... |
| CVE-2023-31222 | 2023-06-29 | Medtronic Paceart MSMQ Deserialization of Untrusted Data |
| CVE-2023-33190 | 2023-06-29 | Improperly configured permissions in Sealos |
| CVE-2023-30955 | 2023-06-29 | Foundry workspace-server Developer Mode Authorization Bypass |
| CVE-2023-30946 | 2023-06-29 | Issues notification metadata lacks authorization |
| CVE-2023-35938 | 2023-06-29 | User access not updated with privilege change in Tuleap |
| CVE-2023-36471 | 2023-06-29 | HTML sanitizer allows form elements in restricted in org.xwiki.commons:xwiki-commons-xml |
| CVE-2023-36607 | 2023-06-29 | CVE-2023-36607 |
| CVE-2023-3464 | 2023-06-29 | SimplePHPscripts Classified Ads Script URL Parameter preview.php cross site scripting |
| CVE-2023-36470 | 2023-06-29 | Code injection in icon themes of XWiki Platform |
| CVE-2023-36469 | 2023-06-29 | Code injection through NotificationRSSService in XWiki Platform |
| CVE-2023-36468 | 2023-06-29 | Upgrading doesn't prevent exploiting vulnerable XWiki documents |
| CVE-2023-3465 | 2023-06-29 | SimplePHPscripts Classified Ads Script HTTP POST Request user.php cross site scripting |
| CVE-2020-18432 | 2023-06-30 | File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. |
| CVE-2023-1206 | 2023-06-30 | A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A... |
| CVE-2023-27469 | 2023-06-30 | Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character. |
| CVE-2023-29145 | 2023-06-30 | The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or... |
| CVE-2023-29147 | 2023-06-30 | In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced,... |
| CVE-2023-29241 | 2023-06-30 | Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network |
| CVE-2023-31543 | 2023-06-30 | A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. |
| CVE-2023-33276 | 2023-06-30 | The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However,... |
| CVE-2023-33298 | 2023-06-30 | com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. |
| CVE-2023-33336 | 2023-06-30 | Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. |
| CVE-2023-34840 | 2023-06-30 | angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2023-36143 | 2023-06-30 | Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device. |
| CVE-2023-36144 | 2023-06-30 | An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device... |
| CVE-2023-36146 | 2023-06-30 | A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733. |
| CVE-2023-36347 | 2023-06-30 | A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. |
| CVE-2023-37298 | 2023-06-30 | Joplin before 2.11.5 allows XSS via a USE element in an SVG document. |
| CVE-2023-37299 | 2023-06-30 | Joplin before 2.11.5 allows XSS via an AREA element of an image map. |
| CVE-2023-37300 | 2023-06-30 | An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users. |
| CVE-2023-37301 | 2023-06-30 | An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur. |
| CVE-2023-37302 | 2023-06-30 | An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in... |
| CVE-2023-37303 | 2023-06-30 | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError... |
| CVE-2023-37304 | 2023-06-30 | An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature. |
| CVE-2023-37305 | 2023-06-30 | An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces. |
| CVE-2023-37306 | 2023-06-30 | MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages. |
| CVE-2023-37307 | 2023-06-30 | In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. |
| CVE-2023-37360 | 2023-06-30 | pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products). |
| CVE-2023-37365 | 2023-06-30 | Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer. |
| CVE-2023-2908 | 2023-06-30 | Libtiff: null pointer dereference in tif_dir.c |
| CVE-2023-3338 | 2023-06-30 | Crash due to a null pointer dereference in the dn_nsp_send function |
| CVE-2023-3469 | 2023-06-30 | Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq |
| CVE-2023-3063 | 2023-06-30 | The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing... |
| CVE-2023-2834 | 2023-06-30 | The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking... |
| CVE-2023-3249 | 2023-06-30 | The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect... |
| CVE-2023-36539 | 2023-06-30 | Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. |
| CVE-2023-32607 | 2023-06-30 | Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. |
| CVE-2023-32608 | 2023-06-30 | Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server. |
| CVE-2023-32612 | 2023-06-30 | Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root... |
| CVE-2023-32613 | 2023-06-30 | Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging... |
| CVE-2023-32620 | 2023-06-30 | Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network. |
| CVE-2023-32621 | 2023-06-30 | WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege. |
| CVE-2023-32622 | 2023-06-30 | Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. |
| CVE-2023-2846 | 2023-06-30 | Authentication Bypass Vulnerability in MELSEC-F Series main module |
| CVE-2023-26135 | 2023-06-30 | All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in the flatnest/nest.js file. |
| CVE-2023-28387 | 2023-06-30 | "NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in... |
| CVE-2023-3473 | 2023-06-30 | Campcodes Retro Cellphone Online Store edit_product.php sql injection |
| CVE-2023-3474 | 2023-06-30 | SimplePHPscripts Simple Blog URL Parameter preview.php cross site scripting |
| CVE-2023-3475 | 2023-06-30 | SimplePHPscripts Event Script URL Parameter preview.php cross site scripting |
| CVE-2023-3476 | 2023-06-30 | SimplePHPscripts GuestBook Script URL Parameter preview.php cross site scripting |
| CVE-2023-3477 | 2023-06-30 | RocketSoft Rocket LMS Contact Form store cross site scripting |
| CVE-2023-3479 | 2023-06-30 | Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp |
| CVE-2023-3478 | 2023-06-30 | IBOS OA Add User edit&op=member actionEdit sql injection |
| CVE-2023-26299 | 2023-06-30 | A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released... |
| CVE-2023-35175 | 2023-06-30 | Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model. |
| CVE-2023-35176 | 2023-06-30 | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the... |
| CVE-2023-35177 | 2023-06-30 | Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. |
| CVE-2023-35178 | 2023-06-30 | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. |
| CVE-2023-3485 | 2023-06-30 | Insecure Default Authorization in Temporal Server |
| CVE-2023-36807 | 2023-06-30 | Infinite Loop when reading malformed objects in pypdf |
| CVE-2023-36810 | 2023-06-30 | Quadratic runtime with malformed PDF missing xref marker in pypdf |
| CVE-2023-36477 | 2023-06-30 | Persistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform |
| CVE-2023-35947 | 2023-06-30 | Path traversal vulnerabilities in handling of Tar archives in Gradle |
| CVE-2023-35946 | 2023-06-30 | Dependency cache path traversal in Gradle |
| CVE-2023-22816 | 2023-06-30 | Limited Post-Authentication Remote Command Injection in My Cloud Products |
| CVE-2023-22815 | 2023-06-30 | Post-authentication remote command injection vulnerability on Western Digital My Cloud OS 5 devices |
| CVE-2023-3490 | 2023-06-30 | SQL Injection in fossbilling/fossbilling |
| CVE-2023-3491 | 2023-06-30 | Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling |
| CVE-2023-3493 | 2023-06-30 | Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling |
| CVE-2023-36812 | 2023-06-30 | Remote Code Execution in OpenTSDB |
| CVE-2023-22814 | 2023-06-30 | Authentication Bypass issue in My Cloud OS 5 devices |
| CVE-2021-34506 | 2023-06-30 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2021-42307 | 2023-06-30 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2021-31982 | 2023-06-30 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2021-34475 | 2023-06-30 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-28364 | 2023-06-30 | An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the... |
| CVE-2023-31997 | 2023-06-30 | UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi... |
| CVE-2023-30589 | 2023-06-30 | The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The... |
| CVE-2023-30586 | 2023-06-30 | A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The... |
| CVE-2023-28365 | 2023-06-30 | A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. |
| CVE-2023-28324 | 2023-06-30 | A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. |
| CVE-2023-28323 | 2023-06-30 | A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction... |
| CVE-2020-36735 | 2023-07-01 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,... |
| CVE-2020-36736 | 2023-07-01 | The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or... |
| CVE-2021-4384 | 2023-07-01 | The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect... |
| CVE-2020-36737 | 2023-07-01 | The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce... |
| CVE-2020-36738 | 2023-07-01 | The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect... |
| CVE-2020-36739 | 2023-07-01 | The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due... |