Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-01 | CVE-2024-36992 | Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. | 5.4 |
| 2024-07-01 | CVE-2024-36993 | Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user. | 5.4 |
| 2024-07-01 | CVE-2024-36994 | Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user. | 5.4 |
| 2024-07-01 | CVE-2024-36996 | Information Exposure Through Discrepancy vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. | 5.3 |
| 2024-07-01 | CVE-2024-39878 | Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection | 5.3 |
| 2024-07-01 | CVE-2024-39879 | Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings | 5.3 |
| 2024-07-01 | CVE-2024-36422 | Cross-site Scripting vulnerability in Flowiseai Flowise 1.4.3 Flowise is a drag & drop user interface to build a customized large language model flow. | 6.1 |
| 2024-07-01 | CVE-2024-21460 | Use of Insufficiently Random Values vulnerability in Qualcomm products Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space. | 6.5 |
| 2024-07-01 | CVE-2024-21462 | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS while loading the TA ELF file. | 5.5 |
| 2024-07-01 | CVE-2024-34696 | Unspecified vulnerability in Geoserver GeoServer is an open source server that allows users to share and edit geospatial data. | 4.9 |