4419 matches found

OSV
added 2024/02/06 10:15 a.m. · 4 views

CVE-2024-24938

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation...

CVSS 5.3 · AI score 5.8 · EPSS 0.00743
Exploits: 0 · References: 1

Vulnrichment
added 2024/02/06 9:21 a.m. · 17 views

CVE-2024-24938

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation...

CVSS 5.3 · AI score 6.9 · EPSS 0.00743
Exploits: 0 · References: 1

Cvelist
added 2024/02/06 9:21 a.m. · 20 views

CVE-2024-24938

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation...

CVSS 5.3 · AI score 5.6 · EPSS 0.00743
Exploits: 0 · References: 1

CNNVD
added 2024/02/06 12:0 a.m. · 6 views

JetBrains TeamCity Security Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a directory...

CVSS 5.3 · AI score 7 · EPSS 0.00743
Exploits: 0 · References: 2

Amazon
added 2024/02/06 12:0 a.m. · 4 views

Low: redis6

Issue Overview: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time,...

CVSS 3.6 · AI score 8 · EPSS 0.00444
Exploits: 0

CNNVD
added 2024/02/06 12:0 a.m. · 4 views

RustDesk Security Breach

RustDesk is a remote access and remote control software, mainly written in Rust, to remotely maintain computers and other devices. A security vulnerability exists in RustDesk version 1.2.3, which stems from the lack of public documentation on private key security measures...

CVSS 9.8 · AI score 6.8 · EPSS 0.00509
Exploits: 1 · References: 4

IBM Security Bulletins
added 2024/02/05 11:44 a.m. · 31 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2023-5408)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that may allow an attacker to modify restricted node labels and bypass the node restriction admission plugin CVE-2023-5408. Vulnerability Details CVEID: CVE-2023-5408 Description: OpenShift...

CVSS 7.2 · AI score 7.2 · EPSS 0.01112
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2024/02/05 12:0 a.m. · 4 views

PT-2024-20676 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.11.2 Description: The issue allows for limited directory traversal in the Kotlin DSL documentation. Recommendations: For versions prior to 2023.11.2, update to version 2023.11.2 or later to resolve th...

CVSS 5.3 · AI score 6.9 · EPSS 0.00743
Exploits: 0 · References: 8

Wallarm Lab
added 2024/02/03 2:13 a.m. · 19 views

Blocking Compromised Tokens with Wallarm

In our Annual API ThreatStats report, we highlighted the increasing threat of API Leaks. An API Leak is the disclosure of sensitive API information, such as a token, credential, or private schema. These leaks can occur directly via the API itself, but also via third party tools used to manage...

AI score 7.2
Exploits: 0

OSV
added 2024/02/03 12:3 a.m. · 9 views

GHSA-J86V-2VJR-FG8F Etcd Gateway TLS endpoint validation only confirms TCP reachability

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv fla...

AI score 7.2
Exploits: 0 · References: 1

Github Security Blog
added 2024/02/03 12:3 a.m. · 18 views

Etcd Gateway TLS endpoint validation only confirms TCP reachability

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv fla...

AI score 7.2
Exploits: 0 · References: 2 · Affected Software: 1

Github Security Blog
added 2024/02/03 12:2 a.m. · 25 views

Etcd pkg Insecure ciphers are allowed by default

Vulnerability type Cryptography Detail The TLS ciphers list supported by etcd contains insecure cipher suites. Users can configure the desired ciphers using the “--cipher-suites” flag, and a default list of secure cipher suites is used if empty. Workarounds By default, no action is required. If...

AI score 7
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/02/03 12:2 a.m. · 9 views

GHSA-5X4G-Q5RC-36JP Etcd pkg Insecure ciphers are allowed by default

Vulnerability type Cryptography Detail The TLS ciphers list supported by etcd contains insecure cipher suites. Users can configure the desired ciphers using the “--cipher-suites” flag, and a default list of secure cipher suites is used if empty. Workarounds By default, no action is required. If...

AI score 7
Exploits: 0 · References: 2

GitLab Advisory Database
added 2024/02/03 12:0 a.m. · 16 views

Duplicate

This advisory duplicates another...

AI score 5.9
Exploits: 0 · References: 2 · Affected Software: 1

GitLab Advisory Database
added 2024/02/03 12:0 a.m. · 7 views

Etcd Gateway TLS endpoint validation only confirms TCP reachability

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv fla...

AI score 7.2
Exploits: 0 · References: 2 · Affected Software: 1

GitLab Advisory Database
added 2024/02/03 12:0 a.m. · 17 views

Etcd Gateway TLS endpoint validation only confirms TCP reachability

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv fla...

AI score 7.2
Exploits: 0 · References: 2 · Affected Software: 1

Rapid7 Blog
added 2024/02/02 8:14 p.m. · 49 views

Metasploit Weekly Wrap-Up 02/02/2024

Shared RubySMB Service Improvements This week’s updates include improvements to Metasploit Framework’s SMB server implementation: the SMB server can now be reused across various SMB modules, which are now able to register their own unique shares and files. SMB modules can also now be executed...

CVSS 7.5 · AI score 9.6 · EPSS 0.97106
Exploits: 22

Patchstack
added 2024/02/02 12:0 a.m. · 15 views

WordPress Knowledge Base for Documentation, FAQs with AI Assistance Plugin <= 11.30.2 is vulnerable to PHP Object Injection

Software Knowledge Base for Documentation, FAQs with AI Assistance Type Plugin Vulnerable versions <= 11.30.2 Fixed in 11.31.0 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-24842 Patch priority High CVSS severity High 8.7 Developer Claim ownership PSID 6e74033eecde...

CVSS 8.7 · AI score 6.8 · EPSS 0.00465
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/01/31 12:21 a.m. · 22 views

GHSA-WR2V-9RPQ-C35Q Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV...

CVSS 6.5 · AI score 6.9 · EPSS 0.01636
Exploits: 0 · References: 4

Github Security Blog
added 2024/01/31 12:21 a.m. · 23 views

Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV...

CVSS 6.5 · AI score 6.7 · EPSS 0.01636
Exploits: 0 · References: 5 · Affected Software: 1