Security Vulnerabilities - CVEs Published In August 2024
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on the Clouds page
CVSS Score
4.6
EPSS Score
0.25
Published
2024-08-16
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
CVSS Score
3.7
EPSS Score
0.02
Published
2024-08-16
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
CVSS Score
3.5
EPSS Score
0.002
Published
2024-08-16
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
CVSS Score
4.6
EPSS Score
0.292
Published
2024-08-16
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway resources being able to access secrets for longer than intended, or to Routes having the ability to forward traffic to backends in other namespaces for longer than intended. This issue has been patched in Cilium v1.15.8 and v1.16.1. As a workaround, any modification of a related Gateway/HTTPRoute/GRPCRoute/TCPRoute CRD (for example, adding any label to any of these resources) will trigger a reconciliation of ReferenceGrants on an affected cluster.
CVSS Score
5.4
EPSS Score
0.003
Published
2024-08-16
The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS Score
8.8
EPSS Score
0.006
Published
2024-08-16
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse. This issue affects upKeeper Manager: through 5.1.9.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-08-16
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse. This issue affects upKeeper Manager: through 5.1.9.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-08-16
The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.002
Published
2024-08-16
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass. This issue affects upKeeper Manager: through 5.1.9.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-08-16

