Search Results

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
There are 238,152 matching records.
Displaying matches 301 through 320.
Vuln ID Summary CVSS Severity
CVE-2024-4358

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.

Published: May 29, 2024; 11:16:06 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36470

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases

Published: May 29, 2024; 10:15:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36378

In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens

Published: May 29, 2024; 10:15:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36377

In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions

Published: May 29, 2024; 10:15:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36376

In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions

Published: May 29, 2024; 10:15:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36375

In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed

Published: May 29, 2024; 10:15:25 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36374

In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36373

In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36372

In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36371

In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36370

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible

Published: May 29, 2024; 10:15:24 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36369

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible

Published: May 29, 2024; 10:15:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36368

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible

Published: May 29, 2024; 10:15:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36367

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible

Published: May 29, 2024; 10:15:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36366

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations

Published: May 29, 2024; 10:15:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36365

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent

Published: May 29, 2024; 10:15:22 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36364

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible

Published: May 29, 2024; 10:15:22 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36363

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible

Published: May 29, 2024; 10:15:22 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36362

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible

Published: May 29, 2024; 10:15:22 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-25975

The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal).

Published: May 29, 2024; 10:15:21 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)