CVE List - 2023 / June
Showing 301 - 400 of 2395 CVEs for June 2023 (Page 4 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-33956 | 2023-06-05 | Parameter based Indirect Object Referencing leading to private file exposure in Kanboard |
| CVE-2023-33968 | 2023-06-05 | Missing Access Control allows User to move and duplicate tasks in Kanboard |
| CVE-2023-33970 | 2023-06-05 | Missing access control in internal task links feature in Kanboard |
| CVE-2023-33969 | 2023-06-05 | Stored Cross site scripting in the Task External Link Functionality in Kanboard |
| CVE-2023-34097 | 2023-06-05 | Database password exposed in logs in hoppscotch |
| CVE-2022-4569 | 2023-06-05 | A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during... |
| CVE-2013-10029 | 2023-06-05 | Exit Box Lite Plugin wordpress-exit-box-lite.php exitboxadmin cross-site request forgery |
| CVE-2022-48181 | 2023-06-05 | An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code. |
| CVE-2022-48188 | 2023-06-05 | A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary... |
| CVE-2023-3079 | 2023-06-05 | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2013-10030 | 2023-06-05 | Exit Box Lite Plugin wordpress-exit-box-lite.php information disclosure |
| CVE-2023-34103 | 2023-06-05 | Stored XSS (Cross Site Scripting) in html content based fields of avo |
| CVE-2023-34102 | 2023-06-05 | Possible unsafe reflection / partial denial of service in avo |
| CVE-2023-32628 | 2023-06-05 | In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when... |
| CVE-2023-32540 | 2023-06-05 | In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject... |
| CVE-2023-22450 | 2023-06-05 | In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in... |
| CVE-2023-0921 | 2023-06-06 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2023-1621 | 2023-06-06 | An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to... |
| CVE-2023-2132 | 2023-06-06 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.... |
| CVE-2023-2157 | 2023-06-06 | A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. |
| CVE-2023-2253 | 2023-06-06 | A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious... |
| CVE-2023-2602 | 2023-06-06 | A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to cause __real_pthread_create() to return an error, which can exhaust the process... |
| CVE-2023-2603 | 2023-06-06 | A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. |
| CVE-2023-27126 | 2023-06-06 | The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to... |
| CVE-2023-2961 | 2023-06-06 | A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability. |
| CVE-2023-29632 | 2023-06-06 | PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php. |
| CVE-2023-31569 | 2023-06-06 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. |
| CVE-2023-31606 | 2023-06-06 | A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-33381 | 2023-06-06 | A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by... |
| CVE-2023-33457 | 2023-06-06 | In Sogou Workflow v0.10.6, a memcpy with a negative size in URIParser::parse may cause a buffer overflow and crash. |
| CVE-2023-33460 | 2023-06-06 | There's a memory leak in yajl 2.1.0 with use of the yajl_tree_parse function, which will cause out-of-memory in the server and cause a crash. |
| CVE-2023-33477 | 2023-06-06 | In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path. |
| CVE-2023-33530 | 2023-06-06 | There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell... |
| CVE-2023-33532 | 2023-06-06 | There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request... |
| CVE-2023-33533 | 2023-06-06 | Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker... |
| CVE-2023-33569 | 2023-06-06 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user. |
| CVE-2023-33613 | 2023-06-06 | axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a... |
| CVE-2023-33651 | 2023-06-06 | An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass... |
| CVE-2023-33652 | 2023-06-06 | Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx. |
| CVE-2023-33653 | 2023-06-06 | Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML. |
| CVE-2023-33659 | 2023-06-06 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to... |
| CVE-2023-33684 | 2023-06-06 | Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same... |
| CVE-2023-33747 | 2023-06-06 | CloudPanel v2.2.2 allows attackers to execute a path traversal. |
| CVE-2023-34409 | 2023-06-06 | In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows... |
| CVE-2015-10116 | 2023-06-06 | RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon cross-site request forgery |
| CVE-2023-2546 | 2023-06-06 | The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function... |
| CVE-2015-10117 | 2023-06-06 | Gravity Forms DPS PxPay Plugin cross site scripting |
| CVE-2017-20185 | 2023-06-06 | Fuzzy SWMP GET Parameter swmp.php cross site scripting |
| CVE-2018-25087 | 2023-06-06 | Arborator Server project.cgi start denial of service |
| CVE-2022-48390 | 2023-06-06 | In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48391 | 2023-06-06 | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48392 | 2023-06-06 | In dialer service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48438 | 2023-06-06 | In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48439 | 2023-06-06 | In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48440 | 2023-06-06 | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48441 | 2023-06-06 | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48442 | 2023-06-06 | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48443 | 2023-06-06 | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48444 | 2023-06-06 | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48445 | 2023-06-06 | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48446 | 2023-06-06 | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48447 | 2023-06-06 | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48448 | 2023-06-06 | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2023-30863 | 2023-06-06 | In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2023-30864 | 2023-06-06 | In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2023-30865 | 2023-06-06 | In dialer service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30866 | 2023-06-06 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30914 | 2023-06-06 | In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30915 | 2023-06-06 | In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2022-22060 | 2023-06-06 | Reachable Assertion in Modem |
| CVE-2022-22076 | 2023-06-06 | Cryptographic issue in Core |
| CVE-2022-33224 | 2023-06-06 | Buffer copy without checking the size of input in Core |
| CVE-2022-33226 | 2023-06-06 | Buffer copy without checking the size of input in Core |
| CVE-2022-33227 | 2023-06-06 | Double free in Linux-Android |
| CVE-2022-33230 | 2023-06-06 | Buffer copy without checking the size of input in FM Host |
| CVE-2022-33240 | 2023-06-06 | Incorrect type conversion or cast in Audio |
| CVE-2022-33251 | 2023-06-06 | Reachable assertion in Modem |
| CVE-2022-33263 | 2023-06-06 | Use after free in Core |
| CVE-2022-33264 | 2023-06-06 | Stack-based buffer overflow in Modem |
| CVE-2022-33267 | 2023-06-06 | Improper restriction of operations within the bounds of memory buffer in Linux |
| CVE-2022-33303 | 2023-06-06 | Uncontrolled resource consumption in Linux kernel |
| CVE-2022-33307 | 2023-06-06 | Double free in Automotive |
| CVE-2022-40507 | 2023-06-06 | Double free in Core |
| CVE-2022-40521 | 2023-06-06 | Improper authorization in Modem |
| CVE-2022-40522 | 2023-06-06 | Double free in Linux Networking |
| CVE-2022-40523 | 2023-06-06 | Information exposure in Kernel |
| CVE-2022-40525 | 2023-06-06 | Information Exposure in Linux Networking Firmware |
| CVE-2022-40529 | 2023-06-06 | Improper access control in Kernel |
| CVE-2022-40533 | 2023-06-06 | Untrusted Pointer Dereference in Core |
| CVE-2022-40536 | 2023-06-06 | Improper authentication in Modem |
| CVE-2022-40538 | 2023-06-06 | Reachable assertion in Modem |
| CVE-2023-21628 | 2023-06-06 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN HAL |
| CVE-2023-21632 | 2023-06-06 | Stack-based Buffer Overflow in Automotive GPU |
| CVE-2023-21656 | 2023-06-06 | Improper Input Validation in WLAN HOST |
| CVE-2023-21657 | 2023-06-06 | Improper Input Validation in Audio |
| CVE-2023-21658 | 2023-06-06 | Buffer Over-Read in WLAN Firmware |
| CVE-2023-21659 | 2023-06-06 | Buffer Over-read in WLAN Firmware |
| CVE-2023-21660 | 2023-06-06 | Buffer Over-read in WLAN Firmware |
| CVE-2023-21661 | 2023-06-06 | Buffer Over-read in WLAN Firmware |
| CVE-2023-21669 | 2023-06-06 | Buffer Over-read in WLAN HOST |