Search Results (362845 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-23477 1 Solarwinds 1 Access Rights Manager 2024-11-21 7.9 High
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.
CVE-2024-23476 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution.
CVE-2024-23475 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
CVE-2024-23474 1 Solarwinds 1 Access Rights Manager 2024-11-21 7.6 High
The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability.
CVE-2024-23472 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrary read and delete files in ARM.
CVE-2024-23471 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.
CVE-2024-23470 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables.
CVE-2024-23469 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges.
CVE-2024-23468 1 Solarwinds 1 Access Rights Manager 2024-11-21 7.6 High
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
CVE-2024-23467 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution.
CVE-2024-23466 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges.
CVE-2024-23465 1 Solarwinds 1 Access Rights Manager 2024-11-21 8.3 High
The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment.  
CVE-2024-23448 1 Elastic 1 Apm Server 2024-11-21 5.7 Medium
An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.
CVE-2024-23446 1 Elastic 1 Kibana 2024-11-21 6.5 Medium
An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index.
CVE-2024-23443 1 Elastic 1 Kibana 2024-11-21 4.9 Medium
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
CVE-2024-23442 1 Elastic 1 Kibana 2024-11-21 6.1 Medium
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
CVE-2024-23380 1 Qualcomm 215 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 212 more 2024-11-21 8.4 High
Memory corruption while handling user packets during VBO bind operation.
CVE-2024-23373 1 Qualcomm 444 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 441 more 2024-11-21 8.4 High
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
CVE-2024-23372 1 Qualcomm 225 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 222 more 2024-11-21 8.4 High
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
CVE-2024-23368 1 Qualcomm 686 Apq8064au, Apq8064au Firmware, Aqt1000 and 683 more 2024-11-21 7.8 High
Memory corruption when allocating and accessing an entry in an SMEM partition.