| 308761 | 5.4 | MEDIUM Network | jetbrains | teamcity | In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings | CWE-79 Cross-site Scripting | CVE-2024-47950 | 2024-10-12 04:57 | 2024-10-9 |
| 308762 | 7.5 | HIGH Network | jetbrains | teamcity | In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location | CWE-22 Path Traversal | CVE-2024-47949 | 2024-10-12 04:57 | 2024-10-9 |
| 308763 | 7.5 | HIGH Network | jetbrains | teamcity | In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups | CWE-22 Path Traversal | CVE-2024-47948 | 2024-10-12 04:56 | 2024-10-9 |
| 308764 | 6.5 | MEDIUM Network | jetbrains | teamcity | In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API | CWE-522 Insufficiently Protected Credentials | CVE-2024-47161 | 2024-10-12 04:54 | 2024-10-9 |
| 308765 | 9.8 | CRITICAL Network | dlink | di-8400_firmware | A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the pat… | CWE-77 Command Injection | CVE-2024-44400 | 2024-10-12 02:15 | 2024-09-4 |
| 308766 | 7.8 | HIGH Local | libarchive | libarchive | execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | CWE-125 Out-of-bounds Read | CVE-2024-48957 | 2024-10-12 01:12 | 2024-10-10 |
| 308767 | 7.8 | HIGH Local | libarchive | libarchive | execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | CWE-125 Out-of-bounds Read | CVE-2024-48958 | 2024-10-12 01:11 | 2024-10-10 |
| 308768 | 6.1 | MEDIUM Network | mozilla | firefox thunderbird firefox_esr | A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 1… | CWE-1021 Improper Restriction of Rendered UI Layers or Frames | CVE-2024-9397 | 2024-10-12 01:07 | 2024-10-2 |
| 308769 | - | | - | - | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid… | - | CVE-2024-9869 | 2024-10-12 00:15 | 2024-10-12 |
| 308770 | 4.8 | MEDIUM Network | webkul | krayin_crm | Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. | CWE-79 Cross-site Scripting | CVE-2024-45932 | 2024-10-11 22:21 | 2024-10-8 |