Lista CVE - 2023 / Giugno
Visualizzazione 1101 - 1200 di 2395 CVE per Giugno 2023 (Pagina 12 di 24)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2023-3229 | 2023-06-14 | Business Logic Errors in fossbilling/fossbilling |
| CVE-2023-3230 | 2023-06-14 | Missing Authorization in fossbilling/fossbilling |
| CVE-2023-33515 | 2023-06-14 | SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens. |
| CVE-2023-34367 | 2023-06-14 | Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is... |
| CVE-2023-34540 | 2023-06-14 | Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code... |
| CVE-2023-34565 | 2023-06-14 | Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function. |
| CVE-2023-34609 | 2023-06-14 | An issue was discovered flexjson thru 3.3 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
| CVE-2023-34610 | 2023-06-14 | An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
| CVE-2023-34611 | 2023-06-14 | An issue was discovered mjson thru 1.4.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
| CVE-2023-34612 | 2023-06-14 | An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
| CVE-2023-34613 | 2023-06-14 | An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
| CVE-2023-34614 | 2023-06-14 | An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
| CVE-2023-34615 | 2023-06-14 | An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
| CVE-2023-34616 | 2023-06-14 | An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
| CVE-2023-34617 | 2023-06-14 | An issue was discovered genson thru 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
| CVE-2023-34620 | 2023-06-14 | An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
| CVE-2023-34623 | 2023-06-14 | An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
| CVE-2023-34624 | 2023-06-14 | An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
| CVE-2023-34747 | 2023-06-14 | File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload. |
| CVE-2023-34750 | 2023-06-14 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. |
| CVE-2023-34751 | 2023-06-14 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. |
| CVE-2023-34752 | 2023-06-14 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. |
| CVE-2023-34753 | 2023-06-14 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. |
| CVE-2023-34754 | 2023-06-14 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. |
| CVE-2023-34755 | 2023-06-14 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. |
| CVE-2023-34756 | 2023-06-14 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. |
| CVE-2023-34823 | 2023-06-14 | fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c. |
| CVE-2023-34824 | 2023-06-14 | fdkaac before 1.0.5 was discovered to contain a heap buffer overflow in caf_info function in caf_reader.c. |
| CVE-2023-34865 | 2023-06-14 | Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature. |
| CVE-2023-34867 | 2023-06-14 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c. |
| CVE-2023-34868 | 2023-06-14 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c. |
| CVE-2023-34878 | 2023-06-14 | An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip. |
| CVE-2023-35110 | 2023-06-14 | An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
| CVE-2023-35116 | 2023-06-14 | jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this... |
| CVE-2023-26965 | 2023-06-14 | loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. |
| CVE-2023-3203 | 2023-06-14 | The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update... |
| CVE-2023-3200 | 2023-06-14 | The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. This makes it possible for unauthenticated attackers to update... |
| CVE-2023-3198 | 2023-06-14 | The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update... |
| CVE-2023-3201 | 2023-06-14 | The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update... |
| CVE-2023-24937 | 2023-06-14 | Windows CryptoAPI Denial of Service Vulnerability |
| CVE-2023-3189 | 2023-06-14 | SourceCodester Online School Fees System POST Parameter branch.php cross site scripting |
| CVE-2023-3231 | 2023-06-14 | UJCMS ZIP Package information disclosure |
| CVE-2023-3232 | 2023-06-14 | Zhong Bang CRMEB Image Upload app_auth deserialization |
| CVE-2023-3233 | 2023-06-14 | Zhong Bang CRMEB PublicController.php get_image_base64 server-side request forgery |
| CVE-2023-3234 | 2023-06-14 | Zhong Bang CRMEB PublicController.php put_image deserialization |
| CVE-2023-3235 | 2023-06-14 | mccms Comic.php pic_api server-side request forgery |
| CVE-2023-3236 | 2023-06-14 | mccms Comic.php pic_save server-side request forgery |
| CVE-2023-0837 | 2023-06-14 | An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings... |
| CVE-2023-1049 | 2023-06-14 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local... |
| CVE-2023-34000 | 2023-06-14 | WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR) |
| CVE-2023-3237 | 2023-06-14 | OTCMS hard-coded password |
| CVE-2023-3001 | 2023-06-14 | A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker... |
| CVE-2022-47184 | 2023-06-14 | Apache Traffic Server: The TRACE method can be use to disclose network information |
| CVE-2023-33933 | 2023-06-14 | Apache Traffic Server: s3_auth plugin problem with hash calculation |
| CVE-2023-30631 | 2023-06-14 | Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work |
| CVE-2023-34149 | 2023-06-14 | Apache Struts: DoS via OOM owing to not properly checking of list bounds |
| CVE-2023-2569 | 2023-06-14 | A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using... |
| CVE-2023-34396 | 2023-06-14 | Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms |
| CVE-2023-2570 | 2023-06-14 | A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using... |
| CVE-2023-3238 | 2023-06-14 | OTCMS server-side request forgery |
| CVE-2023-3239 | 2023-06-14 | OTCMS path traversal |
| CVE-2023-3240 | 2023-06-14 | OTCMS usersNews_deal.php path traversal |
| CVE-2023-3241 | 2023-06-14 | OTCMS path traversal |
| CVE-2023-3036 | 2023-06-14 | Out of Bounds Slice index in cfnts leads to remote panic |
| CVE-2023-3040 | 2023-06-14 | Out of Bounds Access Leading to Undefined Behavior |
| CVE-2023-35141 | 2023-06-14 | In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped... |
| CVE-2023-35142 | 2023-06-14 | Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. |
| CVE-2023-35143 | 2023-06-14 | Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting... |
| CVE-2023-35144 | 2023-06-14 | Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting... |
| CVE-2023-35145 | 2023-06-14 | Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting... |
| CVE-2023-35146 | 2023-06-14 | Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable... |
| CVE-2023-35147 | 2023-06-14 | Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the... |
| CVE-2023-35148 | 2023-06-14 | A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. |
| CVE-2023-35149 | 2023-06-14 | A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. |
| CVE-2023-32465 | 2023-06-14 | Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead... |
| CVE-2023-34101 | 2023-06-14 | Contiki-NG vulnerable to out-of-bounds read when processing ICMP DAO input |
| CVE-2023-28310 | 2023-06-14 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-24897 | 2023-06-14 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-29326 | 2023-06-14 | .NET Framework Remote Code Execution Vulnerability |
| CVE-2023-32024 | 2023-06-14 | Microsoft Power Apps Spoofing Vulnerability |
| CVE-2023-32031 | 2023-06-14 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-24895 | 2023-06-14 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-24936 | 2023-06-14 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2023-29331 | 2023-06-14 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
| CVE-2023-29337 | 2023-06-14 | NuGet Client Remote Code Execution Vulnerability |
| CVE-2023-32030 | 2023-06-14 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2022-31640 | 2023-06-14 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. |
| CVE-2023-0010 | 2023-06-14 | PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication |
| CVE-2022-31641 | 2023-06-14 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. |
| CVE-2023-0009 | 2023-06-14 | GlobalProtect App: Local Privilege Escalation (PE) Vulnerability |
| CVE-2022-31642 | 2023-06-14 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. |
| CVE-2023-34095 | 2023-06-14 | cpdb-libs vulnerable to buffer overflows via scanf |
| CVE-2022-31644 | 2023-06-14 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. |
| CVE-2022-31645 | 2023-06-14 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. |
| CVE-2022-31646 | 2023-06-14 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. |
| CVE-2023-2976 | 2023-06-14 | Use of temporary directory for file creation in `FileBackedOutputStream` in Guava |
| CVE-2023-34449 | 2023-06-14 | ink! vulnerable to incorrect decoding of storage value when using `DelegateCall` |
| CVE-2023-1329 | 2023-06-14 | A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on... |
| CVE-2023-2819 | 2023-06-14 | A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the... |
| CVE-2023-2820 | 2023-06-14 | An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials... |