Total
3294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25150 | 1 Nextcloud | 1 Richdocuments | 2024-11-21 | N/A | 5.8 MEDIUM |
| Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue. | |||||
| CVE-2023-25149 | 1 Timescale | 1 Timescaledb | 2024-11-21 | N/A | 8.8 HIGH |
| TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation user. The queries run as part of the telemetry data collection were not run with a locked down `search_path`, allowing malicious users to create functions that would be executed by the telemetry job, leading to privilege escalation. In order to be able to take advantage of this vulnerability, a user would need to be able to create objects in a database and then get a superuser to install TimescaleDB into their database. When TimescaleDB is installed as trusted extension, non-superusers can install the extension without help from a superuser. Version 2.9.3 fixes this issue. As a mitigation, the `search_path` of the user running the telemetry job can be locked down to not include schemas writable by other users. The vulnerability is not exploitable on instances in Timescale Cloud and Managed Service for TimescaleDB due to additional security provisions in place on those platforms. | |||||
| CVE-2023-25073 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-24905 | 1 Microsoft | 5 Windows 10 20h2, Windows 10 21h2, Windows 10 22h2 and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2023-24844 | 1 Qualcomm | 86 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 83 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. | |||||
| CVE-2023-24512 | 1 Arista | 110 32qd, 48ehs, 48lbas and 107 more | 2024-11-21 | N/A | 8.8 HIGH |
| On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision | |||||
| CVE-2023-24490 | 1 Citrix | 2 Linux Virtual Delivery Agent, Virtual Apps And Desktops | 2024-11-21 | N/A | 6.3 MEDIUM |
| Users with only access to launch VDA applications can launch an unauthorized desktop | |||||
| CVE-2023-24486 | 1 Citrix | 1 Workspace | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. | |||||
| CVE-2023-24481 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 6.3 MEDIUM |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-24479 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-24022 | 1 Baicells | 5 Nova227, Nova233, Nova243 and 2 more | 2024-11-21 | N/A | 10.0 CRITICAL |
| Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) | |||||
| CVE-2023-23923 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 8.2 HIGH |
| The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality. | |||||
| CVE-2023-23911 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | N/A | 7.5 HIGH |
| An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. | |||||
| CVE-2023-23908 | 3 Debian, Fedoraproject, Intel | 275 Debian Linux, Fedora, Microcode and 272 more | 2024-11-21 | N/A | 6.0 MEDIUM |
| Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-23835 | 1 Mendix | 1 Mendix | 2024-11-21 | N/A | 5.9 MEDIUM |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15). Some of the Mendix runtime API’s allow attackers to bypass XPath constraints and retrieve information using XPath queries that trigger errors. | |||||
| CVE-2023-23615 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 5.3 MEDIUM |
| Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts. | |||||
| CVE-2023-23573 | 1 Intel | 1 Unite | 2024-11-21 | N/A | 4.4 MEDIUM |
| Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-23446 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface. | |||||
| CVE-2023-23445 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface. | |||||
| CVE-2023-22920 | 1 Zyxel | 4 Lte3202-m437, Lte3202-m437 Firmware, Lte3316-m604 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet. | |||||