Total: 7976 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23827 | 1 Nginxui | 1 Nginx Ui | 2024-11-21 | 9.8 Critical |
| Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary writes into the system. The feature does not check whether the provided user input is a certificate/key and allows writing to arbitrary paths in the system. It's possible to leverage the vulnerability into remote code execution by overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue. | ||||
| CVE-2024-23793 | 1 Otrs | 2 Otrs, Otrs Community Edition | 2024-11-21 | 6.3 Medium |
| The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl scripts. This issue affects OTRS: from 7.0.X through 7.0.49, 8.0.X, 2023.X, from 2024.X through 2024.3.2; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | ||||
| CVE-2024-23774 | | | 2024-11-21 | 7.8 High |
| An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM privileges. | ||||
| CVE-2024-23773 | | | 2024-11-21 | 7.8 High |
| An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\SYSTEM privileges. | ||||
| CVE-2024-23772 | | | 2024-11-21 | 6.6 Medium |
| An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges. | ||||
| CVE-2024-23540 | | | 2024-11-21 | 5.3 Medium |
| The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file. | ||||
| CVE-2024-23479 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 9.6 Critical |
| SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve Remote Code Execution. | ||||
| CVE-2024-23477 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 7.9 High |
| The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve Remote Code Execution. | ||||
| CVE-2024-23476 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 9.6 Critical |
| The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve Remote Code Execution. | ||||
| CVE-2024-23475 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 9.6 Critical |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. | ||||
| CVE-2024-23474 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 7.6 High |
| The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability. | ||||
| CVE-2024-23472 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 9.6 Critical |
| SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrarily read and delete files in ARM. | ||||
| CVE-2024-23468 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 7.6 High |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. | ||||
| CVE-2024-23467 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 9.6 Critical |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution. | ||||
| CVE-2024-23466 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 9.6 Critical |
| SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform actions with SYSTEM privileges. | ||||
| CVE-2024-22779 | 1 Kihron | 1 Serverrpexposer | 2024-11-21 | 8.8 High |
| Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java. | ||||
| CVE-2024-22514 | 1 Ispyconnect | 1 Agent Dvr | 2024-11-21 | 8.8 High |
| An issue was discovered in iSpyConnect.com Agent DVR 5.1.6.0 that allows attackers to run arbitrary files by restoring a crafted backup file. | ||||
| CVE-2024-22415 | 1 Jupyter | 1 Language Server Protocol Integration | 2024-11-21 | 7.3 High |
| jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to a non-trusted network, are vulnerable to unauthorised access and modification of the file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp. | ||||
| CVE-2024-22377 | 1 Pingidentity | 1 Pingfederate | 2024-11-21 | 5.3 Medium |
| The deploy directory in PingFederate runtime nodes is reachable by unauthorized users. | ||||
| CVE-2024-22232 | | | 2024-11-21 | 7.7 High |
| A specially crafted URL can be created which leads to a directory traversal in the Salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem. | ||||