In OpenVPN version 2.6.9 a high severity vulnerability CVE-2024-24974 was detected. This vulnerability allows attackers to connect to and interact with this service, potentially gaining unauthorized access to the OpenVPN service. To fix this problem, users should upgrade OpenVPN to version 2.6.10. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-24974.
Read more SecurityIn OpenVPN versions 2.6.9 and earlier a high severity vulnerability CVE-2024-27903 was detected. The plug-ins on Windows can be loaded from any directory, which allows an attacker to load an arbitrary plug-in, enabling interaction with the privileged OpenVPN interactive service. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-27903.
Read more SecurityIn OpenVPN versions 2.6.10 a high severity vulnerability CVE-2024-28882 was detected. This vulnerability allows attackers, who already have access, to mess up the server’s ability to close connections. To fix this problem, users should upgrade OpenVPN to version 2.6.11. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-28882.
In OpenVPN version 2.6.9 a high severity vulnerability CVE-2024-27459 was detected. This vulnerability allows attackers to gain higher system privileges by sending oversized messages, which can cause the service to malfunction and grant unauthorized access. To fix this problem, users should upgrade OpenVPN to version 2.6.10. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-27459.
Read more SecurityIn Authentik a high severity vulnerability CVE-2024-38371 was detected. This vulnerability allows attackers to get access to the system. To address this issue, users must update to versions 2024.6.0, 2024.2.4, and 2024.4.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38371/.
Read more SecurityIn Authentik a high severity vulnerability CVE-2024-37905 was detected. This vulnerability allows attackers to get admin access. To address this issue, users should update Authentik to versions 2024.6.0, 2024.2.4, and 2024.4.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37905/.
Read more SecurityIn FreeIPA a high severity vulnerability CVE-2024-2698 was detected. This vulnerability allows attackers to get access by bypassing the authorization. There is not solution to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-2698/.
Read more SecurityIn Keycloak a low severity vulnerability CVE-2024-5967 was detected. This flaw in the LDAP testing endpoint of Keycloak allows an attacker with admin access to change the LDAP connection URL to their server, potentially exposing domain credentials. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5967/.
Read more SecurityIn FreeIPA involving Kerberos TGS-REQ (Ticket Granting Service Request) a high severity vulnerability CVE-2024-3183 was detected. It allows attackers who compromise a principal to potentially decrypt tickets encrypted with other principals’ keys. By offline brute-force attacks on stolen tickets and salts, attackers could find passwords and decrypt these tickets. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-3183.
Read more Security