Security Vulnerabilities - CVEs Published In July 2024
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
CVSS Score
4.6
EPSS Score
0.136
Published
2024-07-22
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Show Connection page
CVSS Score
3.5
EPSS Score
0.001
Published
2024-07-22
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.
CVSS Score
3.1
EPSS Score
0.001
Published
2024-07-22
A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.
CVSS Score
7.4
EPSS Score
0.006
Published
2024-07-22
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-07-22
An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to arbitrary code execution. An attacker can send a malicious flashcard to trigger this vulnerability.
CVSS Score
9.6
EPSS Score
0.006
Published
2024-07-22
A vulnerability in the handling of LaTeX exists in Ankitects Anki 24.04. When LaTeX is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many LaTeX distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-07-22
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8, the checkbox "Apply same permissions to all sub-items of this folder" in the document manager permissions modal is not taken into account and is always considered unchecked. In situations where the permissions are being restricted, some users might still incorrectly keep the ability to edit or manage items. Only changes made via the web UI are affected; changes made directly via the REST API are not impacted. This vulnerability is fixed in Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-07-22
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVSS Score
6.8
EPSS Score
0.017
Published
2024-07-22
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVSS Score
6.8
EPSS Score
0.017
Published
2024-07-22

