Total
2820 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-36725 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2024-08-02 | 7.8 High |
Windows Kernel Elevation of Privilege Vulnerability | ||||
CVE-2023-36643 | 2024-08-02 | 7.5 High | ||
Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function. | ||||
CVE-2023-36561 | 1 Microsoft | 1 Azure Devops Server | 2024-08-02 | 7.3 High |
Azure DevOps Server Elevation of Privilege Vulnerability | ||||
CVE-2023-36554 | 1 Fortinet | 1 Fortimanager | 2024-08-02 | 7.7 High |
A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | ||||
CVE-2023-36497 | 1 Doverfuelingsolutions | 2 Maglink Lx 3, Maglink Lx Web Console Configuration | 2024-08-02 | 8.8 High |
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges. | ||||
CVE-2023-36404 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2024-08-02 | 5.5 Medium |
Windows Kernel Information Disclosure Vulnerability | ||||
CVE-2023-35939 | 1 Glpi-project | 1 Glpi | 2024-08-02 | 8.1 High |
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue. | ||||
CVE-2023-35940 | 1 Glpi-project | 1 Glpi | 2024-08-02 | 7.5 High |
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue. | ||||
CVE-2023-35927 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-02 | 7.6 High |
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, when two server are registered as trusted servers for each other and successfully exchanged the share secrets, the malicious server could modify or delete VCards in the system addressbook on the origin server. This would impact the available and shown information in certain places, such as the user search and avatar menu. If a manipulated user modifies their own data in the personal settings the entry is fixed again. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. A workaround is available. Remove all trusted servers in the "Administration" > "Sharing" settings `…/index.php/settings/admin/sharing`. Afterwards, trigger a recreation of the local system addressbook with the following `occ dav:sync-system-addressbook`. | ||||
CVE-2023-35167 | 1 Remult | 1 Remult | 2024-08-02 | 5 Medium |
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function. | ||||
CVE-2023-35179 | 1 Solarwinds | 1 Serv-u | 2024-08-02 | 7.2 High |
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | ||||
CVE-2023-35173 | 1 Nextcloud | 1 End-to-end Encryption | 2024-08-02 | 5.7 Medium |
Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix. | ||||
CVE-2023-35121 | 2024-08-02 | 7.8 High | ||
Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-34316 | 1 Deltaww | 1 Infrasuite Device Master | 2024-08-02 | 6.5 Medium |
An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. | ||||
CVE-2023-34107 | 1 Glpi-project | 1 Glpi | 2024-08-02 | 6.5 Medium |
GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version 10.0.8 has a patch for this issue. | ||||
CVE-2023-34106 | 1 Glpi-project | 1 Glpi | 2024-08-02 | 6.5 Medium |
GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch. | ||||
CVE-2023-33947 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-08-02 | 2.7 Low |
The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition. | ||||
CVE-2023-33946 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-08-02 | 2.7 Low |
The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page. | ||||
CVE-2023-33191 | 1 Nirmata | 1 Kyverno | 2024-08-02 | 4.6 Medium |
Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity `validate.podSecurity` subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4. | ||||
CVE-2023-33155 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2024-08-02 | 7.8 High |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |