Security Vulnerabilities - CVEs Published In August 2024
H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-08-16
A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments section.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-08-16
VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module.
CVSS Score
7.2
EPSS Score
0.002
Published
2024-08-16
VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules.
CVSS Score
8.3
EPSS Score
0.002
Published
2024-08-16
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, an attacker can execute OS commands with root privileges.
CVSS Score
9.8
EPSS Score
0.165
Published
2024-08-16
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. The vulnerability is triggered when scanning a domain: if the target domain's DNS record contains an XSS payload, malicious scripts execute in reNgine's dashboard view when any user views the scan results. The XSS payload is fetched directly from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3.
CVSS Score
5.0
EPSS Score
0.008
Published
2024-08-16
In JetBrains TeamCity before 2024.07.1, multiple stored XSS issues were possible on the Clouds page.
CVSS Score
4.6
EPSS Score
0.291
Published
2024-08-16
In JetBrains TeamCity before 2024.07.1, self XSS was possible in the HashiCorp Vault plugin.
CVSS Score
3.7
EPSS Score
0.02
Published
2024-08-16
In JetBrains TeamCity before 2024.07.1, reflected XSS was possible on the agentPushPreset page.
CVSS Score
3.5
EPSS Score
0.002
Published
2024-08-16
In JetBrains TeamCity before 2024.07.1, reflected XSS was possible in the AWS Core plugin.
CVSS Score
4.6
EPSS Score
0.291
Published
2024-08-16

