Ugrás a tartalomra

Riasztások

2024. december 20.

NA - CVE-2024-56349 - In JetBrains TeamCity before 2024.12 improper...

In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
security-database.com
Tovább
2024. december 20.

NA - CVE-2024-56350 - In JetBrains TeamCity before 2024.12 build...

In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
security-database.com
Tovább
2024. december 20.

NA - CVE-2024-56351 - In JetBrains TeamCity before 2024.12 access...

In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
security-database.com
Tovább
2024. december 20.

NA - CVE-2024-56352 - In JetBrains TeamCity before 2024.12 stored XSS...

In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
security-database.com
Tovább
2024. december 20.

NA - CVE-2024-56353 - In JetBrains TeamCity before 2024.12 backup...

In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
security-database.com
Tovább
2024. december 20.

NA - CVE-2024-56354 - In JetBrains TeamCity before 2024.12 password...

In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission
security-database.com
Tovább
2024. december 20.

NA - CVE-2024-56355 - In JetBrains TeamCity before 2024.12 missing...

In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
security-database.com
Tovább
2024. december 20.

NA - CVE-2024-56356 - In JetBrains TeamCity before 2024.12 insecure...

In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
security-database.com
Tovább
2024. december 20.

NA - CVE-2024-10385 - Ticket management system in DirectAdmin...

Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin...
security-database.com
Tovább
2024. december 20.

Medium - CVE-2024-12840 - A server-side request forgery exists in...

A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can...
security-database.com
Tovább
Nyelv