CVE List - 2023 / June
Showing 601 - 700 of 2395 CVEs for June 2023 (Page 7 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-0667 | 2023-06-07 | Wireshark MSMMS parsing buffer overflow |
| CVE-2023-2186 | 2023-06-07 | On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform... |
| CVE-2023-2187 | 2023-06-07 | On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully... |
| CVE-2023-1388 | 2023-06-07 | A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming... |
| CVE-2023-0976 | 2023-06-07 | A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by... |
| CVE-2023-30575 | 2023-06-07 | Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths |
| CVE-2023-30576 | 2023-06-07 | Apache Guacamole: Use-after-free in handling of RDP audio input buffer |
| CVE-2023-2541 | 2023-06-07 | Sensitive information disclosure in KNIME Hub Web Application |
| CVE-2023-3140 | 2023-06-07 | KNIME Hub Web Application is vulnerable to clickjacking |
| CVE-2021-4337 | 2023-06-07 | Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible... |
| CVE-2020-36705 | 2023-06-07 | The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This... |
| CVE-2021-4379 | 2023-06-07 | The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This... |
| CVE-2021-4380 | 2023-06-07 | The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including,... |
| CVE-2020-36728 | 2023-06-07 | The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which... |
| CVE-2023-20887 | 2023-06-07 | Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack... |
| CVE-2023-20888 | 2023-06-07 | Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to... |
| CVE-2023-20889 | 2023-06-07 | Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack... |
| CVE-2023-3143 | 2023-06-07 | SourceCodester Online Discussion Forum Site manage_post.php cross site scripting |
| CVE-2023-2878 | 2023-06-07 | Kubernetes secrets-store-csi-driver discloses service account tokens in logs |
| CVE-2023-3144 | 2023-06-07 | SourceCodester Online Discussion Forum Site manage_post.php cross site scripting |
| CVE-2023-3145 | 2023-06-07 | SourceCodester Online Discussion Forum Site sql injection |
| CVE-2023-3146 | 2023-06-07 | SourceCodester Online Discussion Forum Site manage_category.php sql injection |
| CVE-2023-3147 | 2023-06-07 | SourceCodester Online Discussion Forum Site view_category.php sql injection |
| CVE-2023-3148 | 2023-06-07 | SourceCodester Online Discussion Forum Site manage_post.php sql injection |
| CVE-2023-3149 | 2023-06-07 | SourceCodester Online Discussion Forum Site manage_user.php sql injection |
| CVE-2023-34234 | 2023-06-07 | Governor proposal creation may be blocked by frontrunning in OpenZeppelin |
| CVE-2023-34109 | 2023-06-07 | User input results in Unbounded resource consumption in @zxcvbn-ts/core |
| CVE-2023-34108 | 2023-06-07 | Manipulation of Internal Dovecot Variables in mailcow via crafted Passwords |
| CVE-2023-3150 | 2023-06-07 | SourceCodester Online Discussion Forum Site manage_post.php sql injection |
| CVE-2023-3151 | 2023-06-07 | SourceCodester Online Discussion Forum Site manage_user.php sql injection |
| CVE-2023-29345 | 2023-06-07 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2023-3152 | 2023-06-07 | SourceCodester Online Discussion Forum Site view_post.php sql injection |
| CVE-2023-34237 | 2023-06-07 | Remote code execution via specially crafted script settings in SABnzbd |
| CVE-2023-2866 | 2023-06-07 | Advantech WebAccess Insufficient Type Distinction |
| CVE-2023-33848 | 2023-06-07 | IBM CICS TX information disclosure |
| CVE-2023-1709 | 2023-06-07 | Datalogics Library APDFL Stack-based Buffer Overflow |
| CVE-2023-1864 | 2023-06-07 | FANUC ROBOGUIDE-HandlingPRO Path Traversal |
| CVE-2023-24014 | 2023-06-07 | Delta Electronics CNCSoft-B DOPSoft Heap-based buffer overflow |
| CVE-2023-25177 | 2023-06-07 | Delta Electronics CNCSoft-B DOPSoft Stack-based buffer overflow |
| CVE-2023-33849 | 2023-06-07 | IBM CICS TX information disclosure |
| CVE-2023-29168 | 2023-06-07 | PTC Vuforia Studio Insufficiently Protected Credentials |
| CVE-2023-24476 | 2023-06-07 | PTC Vuforia Studio Improper Authorization |
| CVE-2023-29152 | 2023-06-07 | PTC Vuforia Studio Improper Authorization |
| CVE-2023-27881 | 2023-06-07 | PTC Vuforia Studio Unrestricted Upload of File with Dangerous Type |
| CVE-2023-29502 | 2023-06-07 | PTC Vuforia Studio Path Traversal |
| CVE-2023-31200 | 2023-06-07 | PTC Vuforia Studio Cross-Site Request Forgery |
| CVE-2023-2904 | 2023-06-07 | CVE-2023-2904 |
| CVE-2023-34239 | 2023-06-07 | Unfiltered paths in gradio |
| CVE-2023-34238 | 2023-06-07 | Local File Inclusion vulnerability in Gatsby |
| CVE-2023-32749 | 2023-06-08 | Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user,... |
| CVE-2023-32750 | 2023-06-08 | Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used... |
| CVE-2023-32751 | 2023-06-08 | Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used... |
| CVE-2023-33443 | 2023-06-08 | Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints. |
| CVE-2023-33657 | 2023-06-08 | A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and... |
| CVE-2023-33658 | 2023-06-08 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to... |
| CVE-2023-33660 | 2023-06-08 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to... |
| CVE-2023-34566 | 2023-06-08 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo. |
| CVE-2023-34567 | 2023-06-08 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. |
| CVE-2023-34568 | 2023-06-08 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. |
| CVE-2023-34569 | 2023-06-08 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. |
| CVE-2023-34570 | 2023-06-08 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName. |
| CVE-2023-34571 | 2023-06-08 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet. |
| CVE-2023-34958 | 2023-06-08 | Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID. |
| CVE-2023-34959 | 2023-06-08 | An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests... |
| CVE-2023-34961 | 2023-06-08 | Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field. |
| CVE-2023-34962 | 2023-06-08 | Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes. |
| CVE-2023-34969 | 2023-06-08 | D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then... |
| CVE-2023-33847 | 2023-06-08 | IBM CICS TX information disclosure |
| CVE-2023-33846 | 2023-06-08 | IBM CICS TX cross-site scripting |
| CVE-2023-23482 | 2023-06-08 | IBM Sterling Partner Engagement Manager clickjacking |
| CVE-2023-23481 | 2023-06-08 | IBM Sterling Partner Engagement Manager cross-site scripting |
| CVE-2023-23480 | 2023-06-08 | IBM Sterling Partner Engagement Manager cross-site scripting |
| CVE-2023-2986 | 2023-06-08 | The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user... |
| CVE-2023-3163 | 2023-06-08 | y_project RuoYi filterKeyword resource consumption |
| CVE-2023-3165 | 2023-06-08 | SourceCodester Life Insurance Management System POST Parameter insertNominee.php cross site scripting |
| CVE-2023-34096 | 2023-06-08 | Thruk has Path Traversal Vulnerability in panorama.pm |
| CVE-2023-34231 | 2023-06-08 | Snowflake Golang Driver vulnerable to Command Injection |
| CVE-2023-0954 | 2023-06-08 | Debug feature in Sensormatic Electronics Illustra Dome and PTZ cameras |
| CVE-2023-34232 | 2023-06-08 | Snowflake NodeJS Driver vulnerable to Command Injection |
| CVE-2023-29402 | 2023-06-08 | Code injection via go command with cgo in cmd/go |
| CVE-2023-29403 | 2023-06-08 | Unsafe behavior in setuid/setgid binaries in runtime |
| CVE-2023-29404 | 2023-06-08 | Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go |
| CVE-2023-29405 | 2023-06-08 | Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go |
| CVE-2023-34233 | 2023-06-08 | Snowflake Python Connector vulnerable to Command Injection |
| CVE-2023-24535 | 2023-06-08 | Panic when parsing invalid messages in google.golang.org/protobuf |
| CVE-2023-29401 | 2023-06-08 | Improper handling of filenames in Content-Disposition HTTP header in github.com/gin-gonic/gin |
| CVE-2023-34230 | 2023-06-08 | Snowflake Connector vulnerable to Command Injection |
| CVE-2023-34243 | 2023-06-08 | Windows user name disclosure in TGstation |
| CVE-2023-34112 | 2023-06-08 | JavaCPP project actions vulnerable to code injection |
| CVE-2023-0342 | 2023-06-09 | MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive |
| CVE-2023-2455 | 2023-06-09 | Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is... |
| CVE-2023-26465 | 2023-06-09 | Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. |
| CVE-2023-27706 | 2023-06-09 | Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes. |
| CVE-2023-29712 | 2023-06-09 | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter. |
| CVE-2023-29713 | 2023-06-09 | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory. |
| CVE-2023-29714 | 2023-06-09 | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter. |
| CVE-2023-29749 | 2023-06-09 | An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. |
| CVE-2023-29751 | 2023-06-09 | An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. |
| CVE-2023-29753 | 2023-06-09 | An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files. |
| CVE-2023-29755 | 2023-06-09 | An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. |