CVE List - 2023 / June
Showing 401 - 500 of 2395 CVEs for June 2023 (Page 5 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-21670 | 2023-06-06 | Improper Access control in GPU Subsystem |
| CVE-2023-20727 | 2023-06-06 | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-2833 | 2023-06-06 | The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for... |
| CVE-2023-0985 | 2023-06-06 | Helmholz and MB Connect Line: Account takeover via password reset in multiple products |
| CVE-2023-1779 | 2023-06-06 | Helmholz and MB Connect Line: Account takeover via password reset in multiple products |
| CVE-2023-3119 | 2023-06-06 | SourceCodester Service Provider Management System view.php sql injection |
| CVE-2023-3120 | 2023-06-06 | SourceCodester Service Provider Management System view_service.php sql injection |
| CVE-2023-3121 | 2023-06-06 | Dahua Smart Parking Management image server-side request forgery |
| CVE-2023-20728 | 2023-06-06 | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20729 | 2023-06-06 | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20730 | 2023-06-06 | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20731 | 2023-06-06 | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20732 | 2023-06-06 | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20733 | 2023-06-06 | In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2023-20734 | 2023-06-06 | In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20735 | 2023-06-06 | In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20736 | 2023-06-06 | In vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20737 | 2023-06-06 | In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2023-20738 | 2023-06-06 | In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20739 | 2023-06-06 | In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2023-20740 | 2023-06-06 | In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2023-20741 | 2023-06-06 | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20742 | 2023-06-06 | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20743 | 2023-06-06 | In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-20744 | 2023-06-06 | In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-20745 | 2023-06-06 | In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-20746 | 2023-06-06 | In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-20747 | 2023-06-06 | In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed... |
| CVE-2023-20749 | 2023-06-06 | In swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20750 | 2023-06-06 | In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is... |
| CVE-2023-20751 | 2023-06-06 | In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20752 | 2023-06-06 | In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20712 | 2023-06-06 | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20715 | 2023-06-06 | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20716 | 2023-06-06 | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20723 | 2023-06-06 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20724 | 2023-06-06 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20725 | 2023-06-06 | In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-30948 | 2023-06-06 | Retrieval of Attachments to Comments lacks Authorization |
| CVE-2023-32545 | 2023-06-06 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability... |
| CVE-2023-32549 | 2023-06-06 | Landscape insecure token generation |
| CVE-2023-32550 | 2023-06-06 | Landscape's Apache server-status is accessible by default |
| CVE-2023-32551 | 2023-06-06 | Landscape Open Redirect |
| CVE-2023-32539 | 2023-06-06 | Horner Automation Cscape Out-of-bounds Write |
| CVE-2023-32289 | 2023-06-06 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability... |
| CVE-2023-32281 | 2023-06-06 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this... |
| CVE-2023-32203 | 2023-06-06 | Horner Automation Cscape Out-of-bounds Write |
| CVE-2023-31278 | 2023-06-06 | Horner Automation Cscape Out-of-bounds Read |
| CVE-2023-31244 | 2023-06-06 | The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by... |
| CVE-2023-34111 | 2023-06-06 | Command Injection Vulnerability in `Release PR Merged` Workflow in taosdata/grafanaplugin |
| CVE-2023-29503 | 2023-06-06 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to... |
| CVE-2023-27916 | 2023-06-06 | The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially... |
| CVE-2023-28653 | 2023-06-06 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute... |
| CVE-2023-34104 | 2023-06-06 | Regex Injection via Doctype Entities |
| CVE-2022-46165 | 2023-06-06 | Cross-site Scripting (XSS) in Web GUI in syncthing |
| CVE-2023-33977 | 2023-06-06 | Stored cross site scripting (XSS) via unrestricted file upload in Kiwi TCMS |
| CVE-2023-2801 | 2023-06-06 | Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing... |
| CVE-2023-2183 | 2023-06-06 | Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role.... |
| CVE-2023-33957 | 2023-06-06 | Denial of service from high number of artifact signatures in notation |
| CVE-2023-33958 | 2023-06-06 | Default `maxSignatureAttempts` in `notation verify` enables an endless data attack in notation |
| CVE-2023-33959 | 2023-06-06 | Verification bypass can cause users to verify the wrong artifact |
| CVE-2023-32682 | 2023-06-06 | Improper checks for deactivated users during login in synapse |
| CVE-2023-32683 | 2023-06-06 | URL deny list bypass via oEmbed and image URLs when generating previews in Synapse |
| CVE-2023-22833 | 2023-06-06 | Mandatory control bypass in Lime2 |
| CVE-2021-33223 | 2023-06-07 | An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file. |
| CVE-2021-46889 | 2023-06-07 | The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693. |
| CVE-2022-25834 | 2023-06-07 | In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands. |
| CVE-2022-31693 | 2023-06-07 | VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest... |
| CVE-2023-0121 | 2023-06-07 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2023-0508 | 2023-06-07 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in GitLab |
| CVE-2023-1825 | 2023-06-07 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-2001 | 2023-06-07 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was... |
| CVE-2023-2013 | 2023-06-07 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.... |
| CVE-2023-2015 | 2023-06-07 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.... |
| CVE-2023-2198 | 2023-06-07 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.... |
| CVE-2023-2199 | 2023-06-07 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.... |
| CVE-2023-2442 | 2023-06-07 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A specially crafted merge request could lead... |
| CVE-2023-2485 | 2023-06-07 | Incorrect Privilege Assignment in GitLab |
| CVE-2023-2589 | 2023-06-07 | An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.... |
| CVE-2023-30400 | 2023-06-07 | An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerability in the network configuration script within the MCU's operating system allows attackers to perform arbitrary command... |
| CVE-2023-31114 | 2023-06-07 | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via... |
| CVE-2023-31115 | 2023-06-07 | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS... |
| CVE-2023-31116 | 2023-06-07 | An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted... |
| CVE-2023-3142 | 2023-06-07 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2023-33282 | 2023-06-07 | Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to... |
| CVE-2023-33283 | 2023-06-07 | Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key. |
| CVE-2023-33284 | 2023-06-07 | Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. A remote attacker authenticated as any user is able to execute code in context of the web server. |
| CVE-2023-33496 | 2023-06-07 | xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode. |
| CVE-2023-33498 | 2023-06-07 | alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file. |
| CVE-2023-33510 | 2023-06-07 | Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. |
| CVE-2023-33536 | 2023-06-07 | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm. |
| CVE-2023-33537 | 2023-06-07 | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm. |
| CVE-2023-33553 | 2023-06-07 | An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie. |
| CVE-2023-33556 | 2023-06-07 | TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. |
| CVE-2023-33595 | 2023-06-07 | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. |
| CVE-2023-33601 | 2023-06-07 | An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2023-33604 | 2023-06-07 | Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspReFile function in /sp/ListSp.php. This vulnerability is exploited by attackers via a crafted POST request. |
| CVE-2023-33781 | 2023-06-07 | An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file. |
| CVE-2023-33782 | 2023-06-07 | D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. |
| CVE-2023-2530 | 2023-06-07 | A privilege escalation allowing remote code execution was discovered in the orchestration service. |