CVE List - 2023 / June
Showing 801 - 900 of 2395 CVEs for June 2023 (Page 9 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-3184 | 2023-06-09 | SourceCodester Sales Tracker Management System cross site scripting |
| CVE-2023-2121 | 2023-06-09 | Vault’s KV Diff Viewer Allowed for HTML Injection |
| CVE-2023-34245 | 2023-06-09 | Cross site scripting (XSS) in @udecode/plate-link |
| CVE-2019-16283 | 2023-06-09 | A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution. |
| CVE-2023-34100 | 2023-06-09 | Out-of-Bounds Read in contiki-ng |
| CVE-2023-32312 | 2023-06-09 | Client secret not mandatory in UmbracoIdentityExtensions |
| CVE-2023-3187 | 2023-06-09 | PHPGurukul Teachers Record Management System Profile Picture changeimage.php unrestricted upload |
| CVE-2023-3188 | 2023-06-10 | Server-Side Request Forgery (SSRF) in owncast/owncast |
| CVE-2023-3190 | 2023-06-10 | Improper Encoding or Escaping of Output in nilsteampassnet/teampass |
| CVE-2023-3191 | 2023-06-10 | Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass |
| CVE-2023-26132 | 2023-06-10 | Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file. |
| CVE-2023-3192 | 2023-06-11 | Session Fixation in froxlor/froxlor |
| CVE-2023-25912 | 2023-06-11 | Webreport disclosure to unauthorized actor in Danfoss AK-EM100 |
| CVE-2023-22586 | 2023-06-11 | Local File Inclusion in Danfoss AK-EM100 |
| CVE-2023-22585 | 2023-06-11 | Reflected Cross-Site Scripting in Danfoss AK-EM100 |
| CVE-2023-22584 | 2023-06-11 | Cleartext credentials in Danfoss AK-EM100 |
| CVE-2023-22582 | 2023-06-11 | Reflected Cross-Site Scripting in Danfoss AK-EM100 |
| CVE-2023-22583 | 2023-06-11 | SQL Injection in Danfoss AK-EM100 |
| CVE-2023-25911 | 2023-06-11 | Authenticated OS Command Injection in Danfoss AK-EM100 |
| CVE-2020-36732 | 2023-06-12 | The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary. |
| CVE-2022-38156 | 2023-06-12 | A remote command injection issue exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband (NB) before 1.7.5. As an admin user, an attacker can send a... |
| CVE-2023-27716 | 2023-06-12 | An issue discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it. |
| CVE-2023-28478 | 2023-06-12 | TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow. |
| CVE-2023-30198 | 2023-06-12 | Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php. |
| CVE-2023-32219 | 2023-06-12 | Mazda cars unlocking |
| CVE-2023-32220 | 2023-06-12 | Milesight NCR/Camera Authentication Bypass |
| CVE-2023-32221 | 2023-06-12 | EaseUS Todo Backup may allow local privilege escalation |
| CVE-2023-33253 | 2023-06-12 | LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function,... |
| CVE-2023-33290 | 2023-06-12 | The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python). |
| CVE-2023-33492 | 2023-06-12 | EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-33625 | 2023-06-12 | D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. |
| CVE-2023-33626 | 2023-06-12 | D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. |
| CVE-2023-34494 | 2023-06-12 | NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c. |
| CVE-2023-34581 | 2023-06-12 | Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2 |
| CVE-2023-34855 | 2023-06-12 | A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file... |
| CVE-2023-34940 | 2023-06-12 | Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the... |
| CVE-2023-34941 | 2023-06-12 | A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-34942 | 2023-06-12 | Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the... |
| CVE-2023-35031 | 2023-06-12 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow... |
| CVE-2023-35032 | 2023-06-12 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka... |
| CVE-2023-35033 | 2023-06-12 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow... |
| CVE-2023-35034 | 2023-06-12 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users,... |
| CVE-2023-35035 | 2023-06-12 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow... |
| CVE-2023-35036 | 2023-06-12 | In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could... |
| CVE-2023-35042 | 2023-06-12 | GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the... |
| CVE-2023-3159 | 2023-06-12 | A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free... |
| CVE-2023-3161 | 2023-06-12 | A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place,... |
| CVE-2023-34488 | 2023-06-12 | NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages. |
| CVE-2023-26133 | 2023-06-12 | All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js. |
| CVE-2015-10118 | 2023-06-12 | cchetanonline WP-CopyProtect wp-copyprotect.php CopyProtect_options_page cross site scripting |
| CVE-2023-23818 | 2023-06-12 | WordPress WP Register Profile With Shortcode Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-45827 | 2023-06-12 | WordPress Video Contest WordPress Plugin Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47140 | 2023-06-12 | WordPress ARMember Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23819 | 2023-06-12 | WordPress itemprop WP for SERP/SEO Rich snippets Plugin <= 3.5.201706131 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23822 | 2023-06-12 | WordPress UTM Tracker Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30753 | 2023-06-12 | WordPress IP Metaboxes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30745 | 2023-06-12 | WordPress IP Metaboxes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32961 | 2023-06-12 | WordPress Zotpress Plugin <= 7.3.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-31236 | 2023-06-12 | WordPress Scripts n Styles Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32118 | 2023-06-12 | WordPress SALERT Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-3206 | 2023-06-12 | Chengdu VEC40G denial of service |
| CVE-2023-3208 | 2023-06-12 | RoadFlow Visual Process Engine .NET Core Mvc Login sql injection |
| CVE-2023-34026 | 2023-06-12 | WordPress This Day In History Plugin <= 3.10.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34468 | 2023-06-12 | Apache NiFi: Potential Code Injection with Database Services using H2 |
| CVE-2023-28933 | 2023-06-12 | WordPress Call Now Accessibility Button Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34212 | 2023-06-12 | Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components |
| CVE-2023-29385 | 2023-06-12 | WordPress WP Abstracts Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35053 | 2023-06-12 | In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms |
| CVE-2023-35054 | 2023-06-12 | In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible |
| CVE-2023-34105 | 2023-06-12 | SRS has command injection vulnerability in demonstration api-server for HTTP callback. |
| CVE-2023-34246 | 2023-06-12 | Doorkeeper Improper Authentication vulnerability |
| CVE-2023-34344 | 2023-06-12 | A vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username |
| CVE-2023-34345 | 2023-06-12 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure. |
| CVE-2023-34341 | 2023-06-12 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the... |
| CVE-2023-34342 | 2023-06-12 | AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of... |
| CVE-2023-34343 | 2023-06-12 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of... |
| CVE-2023-34334 | 2023-06-12 | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of... |
| CVE-2023-34335 | 2023-06-12 | AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this... |
| CVE-2023-34336 | 2023-06-12 | AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service,... |
| CVE-2023-1323 | 2023-06-12 | Easy Forms for MailChimp < 6.8.9 - Admin+ Stored XSS |
| CVE-2023-2718 | 2023-06-12 | Contact Form Email < 1.3.38 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2023-0431 | 2023-06-12 | File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-2398 | 2023-06-12 | Icegram Engage < 3.1.12 - Reflected XSS |
| CVE-2023-2362 | 2023-06-12 | Multiple Plugins from Wow-Company - Reflected XSS |
| CVE-2023-2568 | 2023-06-12 | Photo Gallery by Ays < 5.1.7 - Reflected XSS |
| CVE-2022-36331 | 2023-06-12 | Impersonation attack causing an Authentication Bypass on Western Digital devices |
| CVE-2022-27539 | 2023-06-12 | Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information... |
| CVE-2022-27541 | 2023-06-12 | Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information... |
| CVE-2022-43777 | 2023-06-12 | Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information... |
| CVE-2022-43778 | 2023-06-12 | Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information... |
| CVE-2023-1899 | 2023-06-12 | CVE-2023-1899 |
| CVE-2023-1898 | 2023-06-12 | CVE-2023-1898 |
| CVE-2023-1897 | 2023-06-12 | CVE-2023-1897 |
| CVE-2023-26294 | 2023-06-12 | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. |
| CVE-2023-26295 | 2023-06-12 | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. |
| CVE-2023-26296 | 2023-06-12 | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. |
| CVE-2023-26297 | 2023-06-12 | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. |
| CVE-2023-26298 | 2023-06-12 | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. |
| CVE-2023-32673 | 2023-06-12 | Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege. |
| CVE-2023-32674 | 2023-06-12 | Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow. |