CVE List - 2023 / June
Showing 1401 - 1500 of 2395 CVEs for June 2023 (Page 15 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-48487 | 2023-06-19 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2022-48488 | 2023-06-19 | Vulnerability of bypassing the default desktop security controls. Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop. |
| CVE-2022-48489 | 2023-06-19 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2022-48490 | 2023-06-19 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2022-48491 | 2023-06-19 | Vulnerability of missing authentication on certain HUAWEI phones. Successful exploitation of this vulnerability can lead to ads and other windows being displayed at any time. |
| CVE-2022-48492 | 2023-06-19 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2022-48493 | 2023-06-19 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2022-48494 | 2023-06-19 | Vulnerability of lax app identity verification in the pre-authorization function. Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized. |
| CVE-2022-48495 | 2023-06-19 | Vulnerability of unauthorized access to foreground app information. Successful exploitation of this vulnerability may cause foreground app information to be obtained. |
| CVE-2022-48496 | 2023-06-19 | Vulnerability of lax app identity verification in the pre-authorization function. Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized. |
| CVE-2022-48497 | 2023-06-19 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2022-48498 | 2023-06-19 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2022-48499 | 2023-06-19 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2022-48500 | 2023-06-19 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2022-48501 | 2023-06-19 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2022-48506 | 2023-06-19 | A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast... |
| CVE-2023-27396 | 2023-06-19 | FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of... |
| CVE-2023-30759 | 2023-06-19 | The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a... |
| CVE-2023-31239 | 2023-06-19 | Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file. |
| CVE-2023-32201 | 2023-06-19 | Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is... |
| CVE-2023-32270 | 2023-06-19 | Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary... |
| CVE-2023-32273 | 2023-06-19 | Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is... |
| CVE-2023-32276 | 2023-06-19 | Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. |
| CVE-2023-32288 | 2023-06-19 | Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution. |
| CVE-2023-32538 | 2023-06-19 | Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is... |
| CVE-2023-32542 | 2023-06-19 | Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. |
| CVE-2023-34155 | 2023-06-19 | Vulnerability of unauthorized calling on HUAWEI phones and tablets. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-34156 | 2023-06-19 | Vulnerability of services denied by early fingerprint APIs on HarmonyOS products. Successful exploitation of this vulnerability may cause services to be denied. |
| CVE-2023-34158 | 2023-06-19 | Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. |
| CVE-2023-34159 | 2023-06-19 | Improper permission control vulnerability in the Notepad app. Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality. |
| CVE-2023-34160 | 2023-06-19 | Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. |
| CVE-2023-34161 | 2023-06-19 | Inappropriate authorization vulnerability in the SettingsProvider module. Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-34162 | 2023-06-19 | Version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail. |
| CVE-2023-34163 | 2023-06-19 | Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-34166 | 2023-06-19 | Vulnerability of system restart triggered by abnormal callbacks passed to APIs. Successful exploitation of this vulnerability may cause the system to restart. |
| CVE-2023-34167 | 2023-06-19 | Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. |
| CVE-2023-34602 | 2023-06-19 | JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController. |
| CVE-2023-34603 | 2023-06-19 | JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController. |
| CVE-2023-34641 | 2023-06-19 | KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog... |
| CVE-2023-34642 | 2023-06-19 | KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog... |
| CVE-2023-34657 | 2023-06-19 | A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter. |
| CVE-2023-35839 | 2023-06-19 | A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload. |
| CVE-2023-35840 | 2023-06-19 | _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector. |
| CVE-2023-35843 | 2023-06-19 | NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download... |
| CVE-2023-35844 | 2023-06-19 | packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used. |
| CVE-2023-35846 | 2023-06-19 | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering. |
| CVE-2023-35847 | 2023-06-19 | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero). |
| CVE-2023-35848 | 2023-06-19 | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member. |
| CVE-2023-35849 | 2023-06-19 | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet. |
| CVE-2023-35853 | 2023-06-19 | In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless... |
| CVE-2023-35855 | 2023-06-19 | A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable. |
| CVE-2023-35856 | 2023-06-19 | A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a... |
| CVE-2023-35857 | 2023-06-19 | In Siren Investigate before 13.2.2, session keys remain active even after logging out. |
| CVE-2023-35862 | 2023-06-19 | libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c. |
| CVE-2023-35866 | 2023-06-19 | In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need... |
| CVE-2023-3022 | 2023-06-19 | A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not... |
| CVE-2023-3312 | 2023-06-19 | A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service. |
| CVE-2023-35852 | 2023-06-19 | In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory... |
| CVE-2023-35005 | 2023-06-19 | Apache Airflow: Information disclosure on configuration view |
| CVE-2023-32208 | 2023-06-19 | Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113. |
| CVE-2023-32209 | 2023-06-19 | A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113. |
| CVE-2023-32210 | 2023-06-19 | Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document... |
| CVE-2023-32214 | 2023-06-19 | Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects... |
| CVE-2023-32216 | 2023-06-19 | Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence... |
| CVE-2023-29531 | 2023-06-19 | An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird... |
| CVE-2023-29532 | 2023-06-19 | A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update... |
| CVE-2023-29542 | 2023-06-19 | A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led... |
| CVE-2023-29545 | 2023-06-19 | Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only... |
| CVE-2023-25747 | 2023-06-19 | A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of... |
| CVE-2023-29534 | 2023-06-19 | Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox... |
| CVE-2023-29546 | 2023-06-19 | When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for... |
| CVE-2023-34414 | 2023-06-19 | The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If... |
| CVE-2023-34416 | 2023-06-19 | Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2023-25733 | 2023-06-19 | The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified, which could have potentially led to a null pointer dereference. This vulnerability affects Firefox < 110. |
| CVE-2023-25736 | 2023-06-19 | An invalid downcast from `nsHTMLDocument` to `nsIContent` could have led to undefined behavior. This vulnerability affects Firefox < 110. |
| CVE-2023-34415 | 2023-06-19 | When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as... |
| CVE-2023-34417 | 2023-06-19 | Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited... |
| CVE-2019-25136 | 2023-06-19 | A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. |
| CVE-2023-2779 | 2023-06-19 | Super Socializer < 7.13.52 - Reflected XSS |
| CVE-2023-2684 | 2023-06-19 | File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-2811 | 2023-06-19 | AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-2221 | 2023-06-19 | WP Custom Cursors < 3.2 - Admin+ SQLi |
| CVE-2023-2719 | 2023-06-19 | SupportCandy < 3.1.7 - Subscriber+ SQLi |
| CVE-2023-2742 | 2023-06-19 | AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-2492 | 2023-06-19 | QueryWall: Plug'n Play Firewall <= 1.1.1 - Admin+ SQLi |
| CVE-2023-2899 | 2023-06-19 | Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS |
| CVE-2023-2401 | 2023-06-19 | Qubotchat < 1.1.6 - Admin+ Stored XSS |
| CVE-2023-2600 | 2023-06-19 | Custom Base Terms < 1.0.3 - Admin+ Stored XSS |
| CVE-2023-0368 | 2023-06-19 | Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS |
| CVE-2023-2359 | 2023-06-19 | Revolution Slider <= 6.6.12 - Author+ Remote Code Execution |
| CVE-2023-0489 | 2023-06-19 | SlideOnline <= 1.2.1 - Contributor+ Stored XSS |
| CVE-2023-2527 | 2023-06-19 | Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi |
| CVE-2023-2399 | 2023-06-19 | qubotchat < 1.1.6 - Unauthenticated Stored XSS |
| CVE-2023-2751 | 2023-06-19 | Upload Resume <= 1.2.0 - Captcha Bypass |
| CVE-2023-2654 | 2023-06-19 | Conditional Menus < 1.2.1 - Reflected XSS |
| CVE-2023-2805 | 2023-06-19 | SupportCandy < 3.1.7 - Admin+ SQLi |
| CVE-2023-2812 | 2023-06-19 | Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS |
| CVE-2023-3316 | 2023-06-19 | A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. |
| CVE-2023-27992 | 2023-06-19 | The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an... |
| CVE-2022-47586 | 2023-06-19 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL Injection |