Search Results (363487 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-23474 1 Solarwinds 1 Access Rights Manager 2024-11-21 7.6 High
The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability.
CVE-2024-23472 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrary read and delete files in ARM.
CVE-2024-23471 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.
CVE-2024-23470 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables.
CVE-2024-23469 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges.
CVE-2024-23468 1 Solarwinds 1 Access Rights Manager 2024-11-21 7.6 High
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
CVE-2024-23467 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution.
CVE-2024-23466 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges.
CVE-2024-23465 1 Solarwinds 1 Access Rights Manager 2024-11-21 8.3 High
The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment.  
CVE-2024-23448 1 Elastic 1 Apm Server 2024-11-21 5.7 Medium
An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.
CVE-2024-23446 1 Elastic 1 Kibana 2024-11-21 6.5 Medium
An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index.
CVE-2024-23443 1 Elastic 1 Kibana 2024-11-21 4.9 Medium
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
CVE-2024-23442 1 Elastic 1 Kibana 2024-11-21 6.1 Medium
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
CVE-2024-23380 1 Qualcomm 215 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 212 more 2024-11-21 8.4 High
Memory corruption while handling user packets during VBO bind operation.
CVE-2024-23373 1 Qualcomm 444 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 441 more 2024-11-21 8.4 High
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
CVE-2024-23372 1 Qualcomm 225 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 222 more 2024-11-21 8.4 High
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size.
CVE-2024-23368 1 Qualcomm 686 Apq8064au, Apq8064au Firmware, Aqt1000 and 683 more 2024-11-21 7.8 High
Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2024-23341 1 Ithuan 1 Tuitse-tsusin 2024-11-21 6.1 Medium
TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using `tuitse_html` without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation.
CVE-2024-23326 2 Envoyproxy, Redhat 2 Envoy, Service Mesh 2024-11-21 5.9 Medium
Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.
CVE-2024-23325 1 Envoyproxy 1 Envoy 2024-11-21 7.5 High
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.