In Vault and Vault Enterprise versions prior to 1.17.1 and 1.16.5 a medium severity vulnerability CVE-2024-6468 was detected. This vulnerability allows attackers to avoid security barriers and gain access to protected user information. To fix this problem, users should upgrade Vault and Vault Enterprise to versions 1.17.2, 1.16.6, and 1.15.12. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6468.
Read more Security
In OpenVPN version 2.6.10 a high severity vulnerability CVE-2024-28882 was detected. This vulnerability allows attackers, who already have access, to mess up the server’s ability to close connections. To fix this problem, users should upgrade OpenVPN to version 2.6.11. For more details, visit here.
Read more Security
In OpenVPN version 2.6.9 a high severity vulnerability CVE-2024-27459 was detected. This vulnerability allows attackers to gain higher system privileges by sending oversized messages, which can cause the service to malfunction and grant unauthorized access. To fix this problem, users should upgrade OpenVPN to version 2.6.10. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-27459.
Read more Security
In OpenVPN version 2.6.9, a high-severity vulnerability CVE-2024-24974 was detected. This vulnerability allows attackers to connect to and interact with this service, potentially gaining unauthorized access to the OpenVPN service. To fix this problem, users should upgrade OpenVPN to version 2.6.10. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-24974.
Read more Security
In OpenVPN versions 2.6.9 and earlier a high severity vulnerability CVE-2024-27903 was detected. The plug-ins on Windows can be loaded from any directory, which allows an attacker to load an arbitrary plug-in, enabling interaction with the privileged OpenVPN interactive service. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-27903.
Read more Security
In Authentik a high severity vulnerability CVE-2024-38371 was detected. This vulnerability allows attackers to get access to the system. To address this issue, users must update to versions 2024.6.0, 2024.2.4, and 2024.4.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38371/.
Read more Security
In Authentik a high severity vulnerability CVE-2024-37905 was detected. This vulnerability allows attackers to get admin access. To address this issue, users must update to versions 2024.6.0, 2024.2.4, and 2024.4.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37905/.
Read more Security
In Keycloak a high severity vulnerability CVE-2024-6162 was detected. This vulnerability allows attackers to cause a denial of service. There is no fix to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6162/.
Read more Security
In FreeIPA a high severity vulnerability CVE-2024-2698 was detected. This vulnerability allows attackers to get access by bypassing the authorization. There is not solution to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-2698/.
Read more Security