Total
2820 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25496 | 1 Lenovo | 1 Drivers Management | 2024-08-02 | 7.8 High |
| A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. | ||||
| CVE-2023-25174 | 2024-08-02 | 6.7 Medium | ||
| Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-25150 | 1 Nextcloud | 1 Richdocuments | 2024-08-02 | 5.8 Medium |
| Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue. | ||||
| CVE-2023-25159 | 1 Nextcloud | 2 Nextcloud Server, Richdocuments | 2024-08-02 | 2.3 Low |
| Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get applied. This issue is fixed in Nextcloud Server 25.0.1 and 24.0.8, Nextcloud Enterprise Server 25.0.1 and 24.0.8, and Nextcloud Office (Richdocuments) App 7.0.1 (for 25) and 6.3.1 (for 24). No known workarounds are available. | ||||
| CVE-2023-25149 | 1 Timescale | 1 Timescaledb | 2024-08-02 | 8.8 High |
| TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation user. The queries run as part of the telemetry data collection were not run with a locked down `search_path`, allowing malicious users to create functions that would be executed by the telemetry job, leading to privilege escalation. In order to be able to take advantage of this vulnerability, a user would need to be able to create objects in a database and then get a superuser to install TimescaleDB into their database. When TimescaleDB is installed as trusted extension, non-superusers can install the extension without help from a superuser. Version 2.9.3 fixes this issue. As a mitigation, the `search_path` of the user running the telemetry job can be locked down to not include schemas writable by other users. The vulnerability is not exploitable on instances in Timescale Cloud and Managed Service for TimescaleDB due to additional security provisions in place on those platforms. | ||||
| CVE-2023-25161 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-02 | 3.7 Low |
| Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1 24.0.8, and 23.0.12 missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact when using external email services. Users should upgrade to Nextcloud Server 25.0.1, 24.0.8, or 23.0.12 or Nextcloud Enterprise Server 25.0.1, 24.0.8, or 23.0.12 to receive a patch. No known workarounds are available. | ||||
| CVE-2023-25073 | 2024-08-02 | 5.5 Medium | ||
| Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-24905 | 1 Microsoft | 10 Windows 10 20h2, Windows 10 20h2, Windows 10 21h2 and 7 more | 2024-08-02 | 7.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2023-24844 | 1 Qualcomm | 86 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 83 more | 2024-08-02 | 8.4 High |
| Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. | ||||
| CVE-2023-24546 | 1 Arista | 1 Cloudvision Portal | 2024-08-02 | 8.1 High |
| On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service. | ||||
| CVE-2023-24512 | 1 Arista | 110 32qd, 48ehs, 48lbas and 107 more | 2024-08-02 | 8.8 High |
| On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision | ||||
| CVE-2023-24484 | 1 Citrix | 1 Workspace | 2024-08-02 | 5.5 Medium |
| A malicious user can cause log files to be written to a directory that they do not have permission to write to. | ||||
| CVE-2023-24486 | 1 Citrix | 1 Workspace | 2024-08-02 | 5.5 Medium |
| A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. | ||||
| CVE-2023-24490 | 1 Citrix | 2 Linux Virtual Delivery Agent, Virtual Apps And Desktops | 2024-08-02 | 6.3 Medium |
| Users with only access to launch VDA applications can launch an unauthorized desktop | ||||
| CVE-2023-24489 | 1 Citrix | 1 Sharefile Storage Zones Controller | 2024-08-02 | 9.8 Critical |
| A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | ||||
| CVE-2023-24485 | 1 Citrix | 1 Workspace | 2024-08-02 | 7.8 High |
| Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. | ||||
| CVE-2023-24481 | 2024-08-02 | 6.3 Medium | ||
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-24479 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-08-02 | 9.8 Critical |
| An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-24022 | 1 Baicells | 5 Nova227, Nova233, Nova243 and 2 more | 2024-08-02 | 10 Critical |
| Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) | ||||
| CVE-2023-23908 | 3 Debian, Fedoraproject, Intel | 275 Debian Linux, Fedora, Microcode and 272 more | 2024-08-02 | 6 Medium |
| Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. | ||||