CVE List - 2023 / June
Showing 1301 - 1400 of 2395 CVEs for June 2023 (Page 14 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-25185 | 2023-06-16 | An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes... |
| CVE-2023-25186 | 2023-06-16 | An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit,... |
| CVE-2023-25187 | 2023-06-16 | An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are... |
| CVE-2023-25188 | 2023-06-16 | An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit,... |
| CVE-2023-25366 | 2023-06-16 | In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. |
| CVE-2023-25645 | 2023-06-16 | There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation... |
| CVE-2023-30222 | 2023-06-16 | An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping. |
| CVE-2023-30223 | 2023-06-16 | A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions. |
| CVE-2023-30453 | 2023-06-16 | The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter. |
| CVE-2023-3195 | 2023-06-16 | A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application... |
| CVE-2023-32752 | 2023-06-16 | L7 Networks InstantScan & InstantQoS - Arbitrary File Upload |
| CVE-2023-32753 | 2023-06-16 | ITPison OMICARD EDM - Arbitrary File Upload |
| CVE-2023-32754 | 2023-06-16 | Thinking Software Efence - SQL injection |
| CVE-2023-3291 | 2023-06-16 | Heap-based Buffer Overflow in gpac/gpac |
| CVE-2023-3293 | 2023-06-16 | Cross-site Scripting (XSS) - Stored in salesagility/suitecrm-core |
| CVE-2023-3294 | 2023-06-16 | Cross-site Scripting (XSS) - DOM in saleor/react-storefront |
| CVE-2023-33438 | 2023-06-16 | A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2023-34474 | 2023-06-16 | A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user into opening a specially crafted file, triggering an out-of-bounds read error,... |
| CVE-2023-34475 | 2023-06-16 | A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick a user into opening a specially crafted file to convert, triggering a heap-use-after-free... |
| CVE-2023-34548 | 2023-06-16 | Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter. |
| CVE-2023-34645 | 2023-06-16 | jfinal CMS 5.1.0 has an arbitrary file read vulnerability. |
| CVE-2023-34659 | 2023-06-16 | jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability in the id parameter of the /jeecg-boot/jmreport/show interface. |
| CVE-2023-34660 | 2023-06-16 | jeecg-boot V3.5.0 has an unauthorized arbitrary file upload in the /jeecg-boot/jmreport/upload interface. |
| CVE-2023-34733 | 2023-06-16 | A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when... |
| CVE-2023-34795 | 2023-06-16 | xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of an uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2023-34845 | 2023-06-16 | Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted... |
| CVE-2023-35782 | 2023-06-16 | The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection. |
| CVE-2023-35783 | 2023-06-16 | The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data. |
| CVE-2023-35784 | 2023-06-16 | A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before... |
| CVE-2023-35790 | 2023-06-16 | An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop. |
| CVE-2023-3268 | 2023-06-16 | An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash... |
| CVE-2023-34832 | 2023-06-16 | TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4. |
| CVE-2023-35708 | 2023-06-16 | In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that... |
| CVE-2023-35788 | 2023-06-16 | An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result... |
| CVE-2023-35789 | 2023-06-16 | An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume)... |
| CVE-2023-29356 | 2023-06-16 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2023-32025 | 2023-06-16 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2023-32026 | 2023-06-16 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2023-32027 | 2023-06-16 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2023-32028 | 2023-06-16 | Microsoft SQL OLE DB Remote Code Execution Vulnerability |
| CVE-2023-29349 | 2023-06-16 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability |
| CVE-2023-34154 | 2023-06-16 | Vulnerability of undefined permissions in HUAWEI VR screen projection. Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources. |
| CVE-2023-34165 | 2023-06-16 | Unauthorized access vulnerability in the Save for later feature provided by AI Touch. Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero... |
| CVE-2023-34157 | 2023-06-16 | Vulnerability of HwWatchHealth being hijacked. Successful exploitation of this vulnerability may cause repeated pop-up windows of the app. |
| CVE-2023-2431 | 2023-06-16 | Bypass of seccomp profile enforcement |
| CVE-2023-26013 | 2023-06-16 | WordPress Strong Testimonials Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2783 | 2023-06-16 | App Framework does not check for the secret provided in the incoming webhook request |
| CVE-2023-25963 | 2023-06-16 | WordPress JS Job Manager Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2784 | 2023-06-16 | Apps Framework allows install requests from regular members via an internal path |
| CVE-2023-2786 | 2023-06-16 | Channel commands execution doesn't properly verify permissions |
| CVE-2023-2787 | 2023-06-16 | Collapsed Reply Threads APIs leak message contents from private channels |
| CVE-2023-26541 | 2023-06-16 | WordPress asMember Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2788 | 2023-06-16 | Deactivated user can retain access using oauth2 api |
| CVE-2023-2791 | 2023-06-16 | Playbooks lets you edit arbitrary posts |
| CVE-2023-2792 | 2023-06-16 | Ephemeral messages return private channel contents in permalink previews |
| CVE-2023-2793 | 2023-06-16 | Stack exhaustion in PreparePostForClientWithEmbedsAndImages |
| CVE-2023-2797 | 2023-06-16 | Path traversal in GitHub plugin's code preview feature |
| CVE-2023-2831 | 2023-06-16 | Denial of Service while unescaping a Markdown string |
| CVE-2023-2785 | 2023-06-16 | Specially crafted search query can cause large log entries in postgres |
| CVE-2023-33306 | 2023-06-16 | A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows an attacker to cause a denial of sslvpn service via specifically crafted... |
| CVE-2023-33307 | 2023-06-16 | A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows an attacker to cause a denial of sslvpn service via a specifically crafted request in... |
| CVE-2023-26515 | 2023-06-16 | WordPress Simple Slug Translate Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27420 | 2023-06-16 | WordPress Arya Multipurpose Theme <= 1.0.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26527 | 2023-06-16 | WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25974 | 2023-06-16 | WordPress wp2syslog Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26537 | 2023-06-16 | WordPress WP No External Links Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-20885 | 2023-06-16 | CF workflows leak credentials in system audit logs |
| CVE-2022-48330 | 2023-06-16 | A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Affected product versions include: FLMG-10 versions FLMG-10 10.0.1.0(H100SP22C00). |
| CVE-2022-48472 | 2023-06-16 | A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include: BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta, BiSheng-WNM FW 3.0.0.325, BiSheng-WNM FW 2.0.0.211. |
| CVE-2022-48471 | 2023-06-16 | There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer service to be abnormal. |
| CVE-2022-48473 | 2023-06-16 | There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer service to be abnormal. |
| CVE-2022-48469 | 2023-06-16 | There is a traffic hijacking vulnerability in Huawei routers. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. |
| CVE-2023-30625 | 2023-06-16 | rudder-server vulnerable to SQL Injection |
| CVE-2023-30903 | 2023-06-16 | HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6. |
| CVE-2023-30904 | 2023-06-16 | A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information. |
| CVE-2023-30905 | 2023-06-16 | The MC990 X and UV300 RMC component has an inadequate default configuration that could be exploited to obtain enhanced privilege. |
| CVE-2023-34459 | 2023-06-16 | OpenZeppelin Contracts's MerkleProof multiproofs may allow proving arbitrary leaves for specific trees |
| CVE-2014-125106 | 2023-06-17 | Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string. |
| CVE-2023-35808 | 2023-06-17 | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom... |
| CVE-2023-35809 | 2023-06-17 | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom... |
| CVE-2023-35810 | 2023-06-17 | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests,... |
| CVE-2023-35811 | 2023-06-17 | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL... |
| CVE-2023-35813 | 2023-06-17 | Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. |
| CVE-2023-28287 | 2023-06-17 | Microsoft Publisher Remote Code Execution Vulnerability |
| CVE-2023-28295 | 2023-06-17 | Microsoft Publisher Remote Code Execution Vulnerability |
| CVE-2023-3295 | 2023-06-17 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2023-35826 | 2023-06-18 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c. |
| CVE-2023-35827 | 2023-06-18 | An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. |
| CVE-2023-35828 | 2023-06-18 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. |
| CVE-2023-35829 | 2023-06-18 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. |
| CVE-2023-35823 | 2023-06-18 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. |
| CVE-2023-35824 | 2023-06-18 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. |
| CVE-2023-3305 | 2023-06-18 | C-DATA Web Management System User Creation access control |
| CVE-2023-3306 | 2023-06-18 | Ruijie RG-EW1200G Admin Password app.09df2a9e44ab48766f5f.js access control |
| CVE-2023-3307 | 2023-06-18 | miniCal sql injection |
| CVE-2023-3308 | 2023-06-18 | whaleal IceFrog Aviator Template Engine deserialization |
| CVE-2023-3309 | 2023-06-18 | SourceCodester Resort Reservation System Manage Room Page ?page=rooms cross site scripting |
| CVE-2023-3310 | 2023-06-18 | code-projects Agro-School Management System loaddata.php sql injection |
| CVE-2023-3311 | 2023-06-18 | PuneethReddyHC online-shopping-system-advanced addsuppliers.php cross site scripting |
| CVE-2022-48486 | 2023-06-19 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. |