CVE List - 2023 / June
Showing 1701 - 1800 of 2395 CVEs for June 2023 (Page 18 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-34028 | 2023-06-22 | WordPress WOLF Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34170 | 2023-06-22 | WordPress Quick/Bulk Order Form for WooCommerce Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-3256 | 2023-06-22 | Advantech R-SeeNet External Control of File Name or Path |
| CVE-2023-2611 | 2023-06-22 | Advantech R-SeeNet Use of Hard-coded Credentials |
| CVE-2023-3326 | 2023-06-22 | Network authentication attack via pam_krb5 |
| CVE-2023-28799 | 2023-06-22 | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the... |
| CVE-2023-2989 | 2023-06-22 | Fortra Globalscape Administration Server Out of Bounds Memory Read |
| CVE-2023-28800 | 2023-06-22 | Output encoding missing in redrurl parameter |
| CVE-2023-2990 | 2023-06-22 | Fortra Globalscape Administration Server Denial of Service |
| CVE-2023-2991 | 2023-06-22 | Fortra Globalscape Administration Server Information Disclosure |
| CVE-2023-3128 | 2023-06-22 | Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account... |
| CVE-2023-32320 | 2023-06-22 | Nextcloud Server's brute force protection allows someone to send more requests than intended |
| CVE-2023-23343 | 2023-06-22 | HCL BigFix OSD Bare Metal Server version 311.12 or lower is affected by a clickjacking vulnerability. |
| CVE-2023-3114 | 2023-06-22 | Terraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces To Target an Agent Pool |
| CVE-2023-28006 | 2023-06-22 | HCL BigFix OSD Bare Metal Server is affected by a weak cryptographic algorithm. |
| CVE-2023-28016 | 2023-06-22 | HCL BigFix OSD Bare Metal Server is affected by a host header injection vulnerability |
| CVE-2023-34110 | 2023-06-22 | Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error |
| CVE-2023-34241 | 2023-06-22 | CUPS vulnerable to use-after-free in cupsdAcceptClient() |
| CVE-2023-34462 | 2023-06-22 | netty-handler SniHandler 16MB allocation |
| CVE-2022-22630 | 2023-06-23 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user... |
| CVE-2022-42792 | 2023-06-23 | This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information |
| CVE-2022-42807 | 2023-06-23 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing... |
| CVE-2022-42834 | 2023-06-23 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to... |
| CVE-2022-42860 | 2023-06-23 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be... |
| CVE-2022-46715 | 2023-06-23 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences |
| CVE-2022-46718 | 2023-06-23 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app... |
| CVE-2023-23516 | 2023-06-23 | The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to execute... |
| CVE-2023-23539 | 2023-06-23 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code... |
| CVE-2023-25003 | 2023-06-23 | A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to... |
| CVE-2023-27908 | 2023-06-23 | A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability. |
| CVE-2023-27930 | 2023-06-23 | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be... |
| CVE-2023-27940 | 2023-06-23 | The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, macOS Ventura 13.4. A sandboxed app may be able... |
| CVE-2023-27964 | 2023-06-23 | An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your... |
| CVE-2023-28191 | 2023-06-23 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS... |
| CVE-2023-28202 | 2023-06-23 | This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may... |
| CVE-2023-29860 | 2023-06-23 | An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method. |
| CVE-2023-30260 | 2023-06-23 | Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. |
| CVE-2023-30362 | 2023-06-23 | Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu. |
| CVE-2023-3212 | 2023-06-23 | A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference... |
| CVE-2023-32351 | 2023-06-23 | A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges. |
| CVE-2023-32353 | 2023-06-23 | A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges. |
| CVE-2023-32354 | 2023-06-23 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. An app may be able to disclose... |
| CVE-2023-32355 | 2023-06-23 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to... |
| CVE-2023-32357 | 2023-06-23 | An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5... |
| CVE-2023-32363 | 2023-06-23 | A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences. |
| CVE-2023-32365 | 2023-06-23 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be... |
| CVE-2023-32367 | 2023-06-23 | This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data. |
| CVE-2023-32368 | 2023-06-23 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing... |
| CVE-2023-32369 | 2023-06-23 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to... |
| CVE-2023-32371 | 2023-06-23 | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its... |
| CVE-2023-32372 | 2023-06-23 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may... |
| CVE-2023-32375 | 2023-06-23 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may result in disclosure of process... |
| CVE-2023-32376 | 2023-06-23 | This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to... |
| CVE-2023-32380 | 2023-06-23 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may... |
| CVE-2023-32382 | 2023-06-23 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may result... |
| CVE-2023-32384 | 2023-06-23 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7,... |
| CVE-2023-32385 | 2023-06-23 | A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected... |
| CVE-2023-32386 | 2023-06-23 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be... |
| CVE-2023-32388 | 2023-06-23 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big... |
| CVE-2023-32389 | 2023-06-23 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may... |
| CVE-2023-32392 | 2023-06-23 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS... |
| CVE-2023-32394 | 2023-06-23 | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to... |
| CVE-2023-32397 | 2023-06-23 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An... |
| CVE-2023-32398 | 2023-06-23 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7,... |
| CVE-2023-32399 | 2023-06-23 | The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be... |
| CVE-2023-32402 | 2023-06-23 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web... |
| CVE-2023-32403 | 2023-06-23 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur... |
| CVE-2023-32405 | 2023-06-23 | A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to gain... |
| CVE-2023-32407 | 2023-06-23 | A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7,... |
| CVE-2023-32408 | 2023-06-23 | The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS... |
| CVE-2023-32410 | 2023-06-23 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An... |
| CVE-2023-32411 | 2023-06-23 | This issue was addressed with improved entitlements. This issue is fixed in tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An... |
| CVE-2023-32412 | 2023-06-23 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7,... |
| CVE-2023-32413 | 2023-06-23 | A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7,... |
| CVE-2023-32414 | 2023-06-23 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox. |
| CVE-2023-32415 | 2023-06-23 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able... |
| CVE-2023-32419 | 2023-06-23 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution. |
| CVE-2023-32420 | 2023-06-23 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be... |
| CVE-2023-32423 | 2023-06-23 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing... |
| CVE-2023-3302 | 2023-06-23 | Improper Neutralization of Formula Elements in a CSV File in admidio/admidio |
| CVE-2023-3303 | 2023-06-23 | Improper Access Control in admidio/admidio |
| CVE-2023-3304 | 2023-06-23 | Improper Access Control in admidio/admidio |
| CVE-2023-34203 | 2023-06-23 | In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change... |
| CVE-2023-34671 | 2023-06-23 | Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. An attack could occur over the... |
| CVE-2023-34672 | 2023-06-23 | Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur... |
| CVE-2023-34673 | 2023-06-23 | Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur... |
| CVE-2023-35759 | 2023-06-23 | In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser,... |
| CVE-2023-35801 | 2023-06-23 | A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing... |
| CVE-2023-36192 | 2023-06-23 | Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c. |
| CVE-2023-36193 | 2023-06-23 | Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c. |
| CVE-2023-36273 | 2023-06-23 | LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. |
| CVE-2023-36284 | 2023-06-23 | An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms... |
| CVE-2023-36287 | 2023-06-23 | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter. |
| CVE-2023-36288 | 2023-06-23 | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter. |
| CVE-2023-36289 | 2023-06-23 | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back... |
| CVE-2023-36345 | 2023-06-23 | A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. |
| CVE-2023-36346 | 2023-06-23 | POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php. |
| CVE-2023-36348 | 2023-06-23 | POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. |
| CVE-2023-28204 | 2023-06-23 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5... |
| CVE-2023-30258 | 2023-06-23 | Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. |