In Nextcloud Server versions prior to 26.0.12, 27.1.7 and 28.0.3 a medium severity vulnerability CVE-2024-37884 was detected. This vulnerability allows malicious users to delete old versions of files they only have read permissions for. To address this issue, it is recommended to upgrade Nextcloud Server to version 26.0.12, 27.1.7, or 28.0.3, and Nextcloud Enterprise Server to the same versions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37884.
Read more Storage
In Nextcloud Server versions prior to 26.0.12, 27.1.7 and 28.0.3 a medium severity vulnerability CVE-2024-37315 was detected. This vulnerability allows attackers with read-only access to restore older versions of a document if the files_versions app is enabled. To address this issue, it is recommended to upgrade to Nextcloud Server version to 26.0.12, 27.1.7 or 28.0.3 and the Nextcloud Enterprise Server versions to 23.0.12.16, 24.0.12.12, 25.0.13.6, 26.0.12, 27.1.7 or 28.0.3 For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37315.
Read more Storage
In Nextcloud Server a high severity vulnerability CVE-2024-37882 was detected. A recipient with read and share permissions can grant themselves additional permissions when resharing the item. To fix this issue, it is recommended to upgrade Nextcloud Server to version 26.0.13, 27.1.8, or 28.0.4, and Nextcloud Enterprise Server to the same versions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37882.
Read more Storage
In Vault and Vault Enterprise versions prior to 1.17.1 and 1.16.5 a medium severity vulnerability CVE-2024-6468 was detected. This vulnerability allows attackers to avoid security barriers and gain access to protected user information. To fix this problem, users should upgrade Vault and Vault Enterprise to versions 1.17.2, 1.16.6, and 1.15.12. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6468.
Read more Security
In OpenVPN versions 2.6.10 a high severity vulnerability CVE-2024-28882 was detected. This vulnerability allows attackers, who already have access, to mess up the server’s ability to close connections. To fix this problem, users should upgrade OpenVPN to version 2.6.11. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-28882.
In OpenVPN version 2.6.9 a high severity vulnerability CVE-2024-27459 was detected. This vulnerability allows attackers to gain higher system privileges by sending oversized messages, which can cause the service to malfunction and grant unauthorized access. To fix this problem, users should upgrade OpenVPN to version 2.6.10. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-27459.
Read more Security
In OpenVPN version 2.6.9 a high severity vulnerability CVE-2024-24974 was detected. This vulnerability allows attackers to connect to and interact with this service, potentially gaining unauthorized access to the OpenVPN service. To fix this problem, users should upgrade OpenVPN to version 2.6.10. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-24974.
Read more Security
In OpenVPN versions 2.6.9 and earlier a high severity vulnerability CVE-2024-27903 was detected. The plug-ins on Windows can be loaded from any directory, which allows an attacker to load an arbitrary plug-in, enabling interaction with the privileged OpenVPN interactive service. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-27903.
Read more Security
In Authentik a high severity vulnerability CVE-2024-38371 was detected. This vulnerability allows attackers to get access to the system. To address this issue, users must update to versions 2024.6.0, 2024.2.4, and 2024.4.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38371/.
Read more Security