Security Vulnerabilities - CVEs Published In 2024
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
CVSS Score
5.3
EPSS Score
0.0
Published
2024-12-20
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
CVSS Score
4.3
EPSS Score
0.0
Published
2024-12-20
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
CVSS Score
6.3
EPSS Score
0.001
Published
2024-12-20
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
CVSS Score
4.6
EPSS Score
0.134
Published
2024-12-20
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
CVSS Score
4.3
EPSS Score
0.0
Published
2024-12-20
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and
12.0.0 through 12.0.4
could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-12-20
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and
12.0.0 through 12.0.4
is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement.
CVSS Score
9.0
EPSS Score
0.002
Published
2024-12-20
There exists an unauthenticated accessible JTAG port on the Kioxia PM6, PM7 and CM6 devices - On the Kioxia CM6, PM6 and PM7 disk drives it was discovered that the 2 main CPU cores of the SoC can be accessed via an open JTAG debug port that is exposed on the drive’s circuit board. Due to the wide cutout of the enclosures, the JTAG port can be accessed without having to open the disk enclosure. Utilizing the JTAG debug port, an attacker with (temporary) physical access can get full access to the firmware and memory on the 2 main CPU cores within the drive including the execution of arbitrary code, the modification of firmware execution flow and data or bypassing the firmware signature verification during boot-up.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-12-20
The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-12-20
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score
4.7
EPSS Score
0.001
Published
2024-12-20