CVE List - 2023 / June
Showing 901 - 1000 of 2395 CVEs for June 2023 (Page 10 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-28550 | 2023-06-13 | Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not... |
| CVE-2022-47376 | 2023-06-13 | The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations... |
| CVE-2023-24469 | 2023-06-13 | Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0 |
| CVE-2023-24470 | 2023-06-13 | Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. |
| CVE-2023-24546 | 2023-06-13 | On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader... |
| CVE-2023-27836 | 2023-06-13 | TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C. |
| CVE-2023-27837 | 2023-06-13 | TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774. |
| CVE-2023-29160 | 2023-06-13 | Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed... |
| CVE-2023-29167 | 2023-06-13 | Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may... |
| CVE-2023-29498 | 2023-06-13 | Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. If a user opens a specially crafted project file, sensitive information on the... |
| CVE-2023-29501 | 2023-06-13 | Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification.... |
| CVE-2023-29562 | 2023-06-13 | TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale. |
| CVE-2023-30179 | 2023-06-13 | CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings,... |
| CVE-2023-30762 | 2023-06-13 | Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may... |
| CVE-2023-30764 | 2023-06-13 | OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings... |
| CVE-2023-30766 | 2023-06-13 | Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may... |
| CVE-2023-31195 | 2023-06-13 | ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and... |
| CVE-2023-31196 | 2023-06-13 | Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. Affected products and versions are as follows: AC-PD-WAPU... |
| CVE-2023-31198 | 2023-06-13 | OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. Affected... |
| CVE-2023-31437 | 2023-06-13 | An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE:... |
| CVE-2023-31438 | 2023-06-13 | An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications.... |
| CVE-2023-31439 | 2023-06-13 | An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the... |
| CVE-2023-31541 | 2023-06-13 | A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the... |
| CVE-2023-3218 | 2023-06-13 | Race Condition within a Thread in it-novum/openitcockpit |
| CVE-2023-3224 | 2023-06-13 | Code Injection in nuxt/nuxt |
| CVE-2023-32546 | 2023-06-13 | Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store... |
| CVE-2023-32548 | 2023-06-13 | OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a... |
| CVE-2023-33568 | 2023-06-13 | An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact... |
| CVE-2023-33620 | 2023-06-13 | GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. |
| CVE-2023-33621 | 2023-06-13 | GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history... |
| CVE-2023-33695 | 2023-06-13 | Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. |
| CVE-2023-33817 | 2023-06-13 | hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. |
| CVE-2023-34537 | 2023-06-13 | A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data. |
| CVE-2023-34944 | 2023-06-13 | An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file. |
| CVE-2023-34965 | 2023-06-13 | SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information. |
| CVE-2023-2351 | 2023-06-13 | The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions... |
| CVE-2023-2277 | 2023-06-13 | The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on... |
| CVE-2023-2278 | 2023-06-13 | The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated attackers to include... |
| CVE-2023-2563 | 2023-06-13 | The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce... |
| CVE-2023-2827 | 2023-06-13 | Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital |
| CVE-2023-32114 | 2023-06-13 | Denial of Service in SAP NetWeaver |
| CVE-2023-32115 | 2023-06-13 | SQL Injection in Master Data Synchronization (MDS COMPARE TOOL) |
| CVE-2023-33984 | 2023-06-13 | Cross-Site Scripting (XSS) vulnerability in NetWeaver (Design Time Repository) |
| CVE-2023-33985 | 2023-06-13 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal |
| CVE-2023-33986 | 2023-06-13 | Cross-Site Scripting (XSS) vulnerability in SAP CRM ABAP (Grantor Management) |
| CVE-2023-33991 | 2023-06-13 | Stored Cross-Site Scripting (Stored XSS) vulnerability in SAP UI5 Variant Management |
| CVE-2023-2876 | 2023-06-13 | Session cookie exposure for client side script |
| CVE-2023-2673 | 2023-06-13 | PHOENIX CONTACT: FL/TC MGUARD prone to Improper Input Validation |
| CVE-2023-0142 | 2023-06-13 | Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write... |
| CVE-2023-2729 | 2023-06-13 | Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. |
| CVE-2023-25910 | 2023-06-13 | A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2... |
| CVE-2023-27465 | 2023-06-13 | A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions... |
| CVE-2023-28829 | 2023-06-13 | A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0... |
| CVE-2023-29129 | 2023-06-13 | A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML... |
| CVE-2023-30757 | 2023-06-13 | A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal)... |
| CVE-2023-30897 | 2023-06-13 | A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was... |
| CVE-2023-30901 | 2023-06-13 | A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-2AA0)... |
| CVE-2023-31238 | 2023-06-13 | A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-2AA0)... |
| CVE-2023-33121 | 2023-06-13 | A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions... |
| CVE-2023-33122 | 2023-06-13 | A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions... |
| CVE-2023-33123 | 2023-06-13 | A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions... |
| CVE-2023-33124 | 2023-06-13 | A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions... |
| CVE-2023-33919 | 2023-06-13 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable... |
| CVE-2023-33920 | 2023-06-13 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the... |
| CVE-2023-33921 | 2023-06-13 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console... |
| CVE-2022-33877 | 2023-06-13 | An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0... |
| CVE-2022-39946 | 2023-06-13 | An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions... |
| CVE-2022-41327 | 2023-06-13 | A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated... |
| CVE-2022-42474 | 2023-06-13 | A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager... |
| CVE-2022-42478 | 2023-06-13 | An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints. |
| CVE-2022-43949 | 2023-06-13 | A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking... |
| CVE-2022-43953 | 2023-06-13 | A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1,... |
| CVE-2023-22633 | 2023-06-13 | An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow... |
| CVE-2023-22639 | 2023-06-13 | A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version... |
| CVE-2023-25609 | 2023-06-13 | A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access... |
| CVE-2023-26207 | 2023-06-13 | An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. 7.2.0 through 7.2.1 allows an attacker to read certain passwords... |
| CVE-2023-26204 | 2023-06-13 | A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all... |
| CVE-2023-26210 | 2023-06-13 | Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2... |
| CVE-2023-27997 | 2023-06-13 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below,... |
| CVE-2023-28000 | 2023-06-13 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may... |
| CVE-2023-29175 | 2023-06-13 | An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0... |
| CVE-2023-29178 | 2023-06-13 | A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker... |
| CVE-2023-33305 | 2023-06-13 | A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0... |
| CVE-2023-2807 | 2023-06-13 | Authentication bypass in password reset process |
| CVE-2023-3047 | 2023-06-13 | SQLi in TMT's Lockcell |
| CVE-2023-3048 | 2023-06-13 | IDOR in TMT's Lockcell |
| CVE-2023-3049 | 2023-06-13 | File Upload in TMT's Lockcell |
| CVE-2023-3050 | 2023-06-13 | Authentication Bypass in TMT's Lockcell |
| CVE-2023-35064 | 2023-06-13 | SQLi in Satos Mobile |
| CVE-2023-23831 | 2023-06-13 | WordPress Rating Widget Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-42880 | 2023-06-13 | WordPress Auto Upload Images Plugin <= 3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25964 | 2023-06-13 | WordPress We’re Open! Plugin <= 1.46 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26538 | 2023-06-13 | WordPress Chat Bee Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26528 | 2023-06-13 | WordPress Shipyaari Shipping Management Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28620 | 2023-06-13 | WordPress Cyberus Key Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27624 | 2023-06-13 | WordPress Redirect After Login Plugin <= 0.1.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25978 | 2023-06-13 | WordPress Protected Posts Logout Button Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-31635 | 2023-06-13 | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and... |
| CVE-2022-31636 | 2023-06-13 | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and... |
| CVE-2022-31637 | 2023-06-13 | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and... |