An Improper Control of Generation of Code (‘Code Injection’) vulnerability, CVE-2024-31864, was detected in all versions of Apache Zeppelin before 0.11.1. This vulnerability allows attackers to inject sensitive configuration or malicious code when connecting to a MySQL database via the Java Database Connectivity (JDBC) driver. The issue is resolved in version 0.11.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31864/.
In GitLab CE/EE, a high severity vulnerability, CVE-2024-3092, was detected in all versions starting from 16.9 before 16.9.4, and from 16.10 before 16.10.2. This issue allows attackers to perform actions on another user’s behalf by injecting harmful code. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-3092/.
In Apache Zeppelin versions from 0.10.1 before 0.11.0, an Improper Input Validation vulnerability, CVE-2024-31862, was detected, particularly when creating a new note through Zeppelin’s user interface. The issue is fixed in version 0.11.0. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31862.
In Ghost through version 5.76.0, a low severity vulnerability, CVE-2024-23724, was detected. Due to this vulnerability, someone could use a specially crafted image to run harmful code, potentially taking control of any account. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-23724/.
In Apache Zeppelin versions from 0.10.1 before 0.11.1, an exploitable vulnerability, CVE-2024-31861, known as “Improper Control of Generation of Code” (‘Code Injection’), was detected. It allows attackers to inject malicious code through the Shell interpreter, potentially leading to the unauthorized execution of commands. Users are recommended to upgrade to version 0.11.1, which does not include the Shell interpreter by default. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31861.
In FreeIPA, a medium severity vulnerability, CVE-2024-1481, was detected. This issue may cause some failures in authentication processes, but it does not allow anyone to access sensitive data or damage the integrity of the system. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-1481.
In Apache Zeppelin versions from 0.9.0 before 0.11.0, a low severity vulnerability, CVE-2024-31860, was detected. Due to the issue, attackers can gain access to files on the server by using path characters that point to the location of other files. It is recommended to upgrade to version 0.11.0 to fix the vulnerability. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31860.
In Undici, an HTTP/1.1 client for Node.js, a low severity vulnerability, CVE-2024-30261, was detected. This vulnerability allows attackers to change a setting to make their fake requests look real, allowing them to sneak in harmful alterations undetected. However, there is no confidentiality or availability impact. The issue is fixed in versions 5.28.4 and 6.11.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-30261.
In GitLab Enterprise Edition versions before 16.8.6, as well as versions starting from 16.9 before 16.9.4, and from 16.10 before 16.10.2, a medium severity vulnerability, CVE-2023-6678, was detected. It allows attackers to crash a system by placing malicious content in a JUnit test report file. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-6678.