CVE List - 2023 / June
Showing 2001 - 2100 of 2395 CVEs for June 2023 (Page 21 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-32534 | 2023-06-26 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This... |
| CVE-2023-32535 | 2023-06-26 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This... |
| CVE-2023-32536 | 2023-06-26 | Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must... |
| CVE-2023-32537 | 2023-06-26 | Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must... |
| CVE-2023-32552 | 2023-06-26 | An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.... |
| CVE-2023-32553 | 2023-06-26 | An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.... |
| CVE-2023-32554 | 2023-06-26 | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note:... |
| CVE-2023-32555 | 2023-06-26 | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note:... |
| CVE-2023-32556 | 2023-06-26 | A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker... |
| CVE-2023-32557 | 2023-06-26 | A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server... |
| CVE-2023-32604 | 2023-06-26 | Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must... |
| CVE-2023-32605 | 2023-06-26 | Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must... |
| CVE-2023-34144 | 2023-06-26 | An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected... |
| CVE-2023-34145 | 2023-06-26 | An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected... |
| CVE-2023-34146 | 2023-06-26 | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an... |
| CVE-2023-34147 | 2023-06-26 | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an... |
| CVE-2023-34148 | 2023-06-26 | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an... |
| CVE-2023-35695 | 2023-06-26 | A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. |
| CVE-2023-30945 | 2023-06-26 | CVE-2023-30945 |
| CVE-2023-22834 | 2023-06-26 | The contour service was not checking that users had permission to create an analysis for a given dataset |
| CVE-2020-18404 | 2023-06-27 | An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter. |
| CVE-2020-18406 | 2023-06-27 | An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data. |
| CVE-2020-18409 | 2023-06-27 | Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html. |
| CVE-2020-18410 | 2023-06-27 | A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 that allows attackers to obtain administrator privileges. |
| CVE-2020-18413 | 2023-06-27 | Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 that allows attackers to execute arbitrary code. |
| CVE-2020-18414 | 2023-06-27 | Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset. |
| CVE-2020-18416 | 2023-06-27 | A cross site request forgery (CSRF) vulnerability was discovered in Jymusic v2.0.0 that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information. |
| CVE-2020-18418 | 2023-06-27 | A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert. |
| CVE-2020-19902 | 2023-06-27 | Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter. |
| CVE-2021-30203 | 2023-06-27 | A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2021-30205 | 2023-06-27 | Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. |
| CVE-2023-25001 | 2023-06-27 | A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. |
| CVE-2023-25002 | 2023-06-27 | A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. |
| CVE-2023-25004 | 2023-06-27 | A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution. |
| CVE-2023-29068 | 2023-06-27 | A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of... |
| CVE-2023-34830 | 2023-06-27 | i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page. |
| CVE-2023-34835 | 2023-06-27 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. |
| CVE-2023-34836 | 2023-06-27 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. |
| CVE-2023-34838 | 2023-06-27 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter. |
| CVE-2023-34839 | 2023-06-27 | A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the... |
| CVE-2023-35799 | 2023-06-27 | Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges. |
| CVE-2023-35800 | 2023-06-27 | Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive... |
| CVE-2023-34837 | 2023-06-27 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. |
| CVE-2023-3371 | 2023-06-27 | The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3.... |
| CVE-2023-3132 | 2023-06-27 | The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This... |
| CVE-2023-3411 | 2023-06-27 | The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is... |
| CVE-2023-3412 | 2023-06-27 | The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is... |
| CVE-2023-3423 | 2023-06-27 | Weak Password Requirements in cloudexplorer-dev/cloudexplorer-lite |
| CVE-2023-34395 | 2023-06-27 | Apache Airflow ODBC Provider: Remote code execution vulnerability |
| CVE-2023-35798 | 2023-06-27 | Airflow Apache ODBC and MSSQL Providers Arbitrary File Read Vulnerability |
| CVE-2023-2743 | 2023-06-27 | WP ERP < 1.12.4 - Reflected Cross-Site Scripting |
| CVE-2023-2627 | 2023-06-27 | KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls |
| CVE-2023-2996 | 2023-06-27 | Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API |
| CVE-2023-2580 | 2023-06-27 | AI-Engine < 1.6.83 - Admin+ Stored XSS |
| CVE-2023-2178 | 2023-06-27 | Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS |
| CVE-2023-2482 | 2023-06-27 | Responsive CSS EDITOR <= 1.0 - Admin+ SQLi |
| CVE-2023-2744 | 2023-06-27 | WP ERP < 1.12.4 - Admin+ SQL Injection |
| CVE-2023-2601 | 2023-06-27 | WP Brutal AI < 2.0.0 - SQL Injection via CSRF |
| CVE-2023-2877 | 2023-06-27 | Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution |
| CVE-2023-2032 | 2023-06-27 | Custom 404 Pro < 3.8.1 - Multiple SQL Injection |
| CVE-2022-4115 | 2023-06-27 | Editorial Calendar < 3.8.3 - Contributor+ Stored XSS |
| CVE-2023-0873 | 2023-06-27 | Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS |
| CVE-2023-1891 | 2023-06-27 | Accordion & FAQ < 1.9.9 - Reflected XSS |
| CVE-2023-2842 | 2023-06-27 | WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF |
| CVE-2023-2711 | 2023-06-27 | Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS |
| CVE-2023-2068 | 2023-06-27 | File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode |
| CVE-2023-2592 | 2023-06-27 | FormCraft Premium < 3.9.7 - Admin+ SQLi |
| CVE-2023-2623 | 2023-06-27 | KiviCare Management System < 3.2.1 - Subscriber+ Sensitive Information Disclosure |
| CVE-2023-1166 | 2023-06-27 | USM Premium < 16.3 - Admin+ Stored XSS |
| CVE-2023-2628 | 2023-06-27 | KiviCare Management System < 3.2.1 - Multiple CSRF |
| CVE-2023-2624 | 2023-06-27 | KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting |
| CVE-2023-0588 | 2023-06-27 | Catalyst Connect Zoho CRM Client Portal < 2.1.0 - Reflected XSS |
| CVE-2023-2326 | 2023-06-27 | Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF |
| CVE-2023-2795 | 2023-06-27 | CodeColorer < 0.10.1 – Admin+ Stored Cross-Site Scripting |
| CVE-2023-2605 | 2023-06-27 | WP Brutal AI < 2.0.1 - Admin+ Reflected XSS |
| CVE-2023-3405 | 2023-06-27 | Denial of service condition in M-Files Server |
| CVE-2023-3431 | 2023-06-27 | Improper Access Control in plantuml/plantuml |
| CVE-2023-2818 | 2023-06-27 | ITM Windows Agent Insecure Filesystem Permissions |
| CVE-2023-3432 | 2023-06-27 | Server-Side Request Forgery (SSRF) in plantuml/plantuml |
| CVE-2023-35998 | 2023-06-27 | ITM Server Missing Authorization in SOAP Endpoints |
| CVE-2023-36000 | 2023-06-27 | ITM Server Missing Authorization for Agent Config |
| CVE-2023-36002 | 2023-06-27 | ITM Server Missing Authorization for URL validation |
| CVE-2023-34098 | 2023-06-27 | Dependency configuration exposed in Shopware |
| CVE-2023-34099 | 2023-06-27 | Improper mail validation in Shopware |
| CVE-2023-34240 | 2023-06-27 | Weak passwords allowed in cloudexplorer-lite |
| CVE-2023-32339 | 2023-06-27 | IBM Business Automation Workflow cross-site scripting |
| CVE-2023-26273 | 2023-06-27 | IBM QRadar security bypass |
| CVE-2023-26276 | 2023-06-27 | IBM QRadar information disclosure |
| CVE-2023-28857 | 2023-06-27 | LDAP password leak in Apereo CAS - GHSL-2023-009 |
| CVE-2023-26274 | 2023-06-27 | IBM QRadar cross-site scripting |
| CVE-2022-34352 | 2023-06-27 | IBM QRadar information disclosure |
| CVE-2023-22593 | 2023-06-27 | IBM Robotic Process Automation for Cloud Pak security configuration |
| CVE-2023-23468 | 2023-06-27 | IBM Robotic Process Automation for Cloud Pak access control |
| CVE-2023-30993 | 2023-06-27 | IBM Cloud Pak for Security information disclosure |
| CVE-2023-36463 | 2023-06-27 | Cross site scripting (XSS) in meldekarten generator |
| CVE-2023-3436 | 2023-06-27 | Deadlock in Xpdf 4.04 due to PDF object stream references |
| CVE-2023-36464 | 2023-06-27 | Infinite Loop when a comment isn't followed by a character in pypdf |
| CVE-2021-25828 | 2023-06-28 | Emby Server versions < 4.6.0.50 are vulnerable to a Cross Site Scripting (XSS) vulnerability via a crafted GET request to /web. |
| CVE-2022-20443 | 2023-06-28 | In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-4143 | 2023-06-28 | An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs... |