In Liferay Portal versions 7.1.0 through 7.4.3.38 and Liferay DXP versions 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28 a medium severity vulnerability CVE-2024-11993 was detected. This vulnerability allows attackers to inject malicious code into a web page, which can then steal sensitive information or trick users into performing unwanted actions. To fix this issue, users should upgrade Liferay Portal to versions 7.4.3.39 and later and Liferay DXP to versions, 7.4 update 39 and later, 7.3 update 37 and later, 7.2 fix pack 21 and later, 7.1 fix pack 29 and later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11993.
Read more CMS
In Mattermost versions 10.1.x up to 10.1.2, 10.0.x up to 10.0.2, 9.11.x up to 9.11.4, and 9.5.x up to 9.5.12 a medium severity vulnerability CVE-2024-54682 was detected. This vulnerability allows attackers to upload specially crafted files (zip bombs) that can overload and crash the system, causing it to stop working properly. To fix this issue, users should upgrade Mattermost to versions 10.1.3, 10.0.3, 9.11.5 and 9.5.13. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-54682.
Read more Communication
In GeoServer versions prior to 2.26.0 a medium severity vulnerability CVE-2024-35230 was detected. This vulnerability allows attackers to identify software and components used by the server via the welcome and about pages, potentially aiding in targeted attacks. To address this issue, users should upgrade GeoServer to version 2.26.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-35230.
Read more Database
In GitLab CE/EE versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2 a high severity vulnerability CVE-2024-8233 was detected. This vulnerability allows attackers to cause a denial of service by sending requests for diff files on a commit or merge request. To address this issue, users should upgrade GitLab CE/EE to versions 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8233.
Read more Developer Tools
In GitLab CE/EE versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2 a medium severity vulnerability CVE-2024-8179 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) attacks if Content Security Policy (CSP) is not enabled. To address this issue, users should upgrade GitLab CE/EE to versions 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8179.
Read more Developer Tools
In the GitLab versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 a medium severity vulnerability CVE-2024-8647 was detected. This vulnerability allows attackers to steal the anti-CSRF token from self-hosted GitLab installations with Harbor integration enabled, potentially allowing them to perform unauthorized actions on behalf of users. To fix this issue, users should upgrade GitLab to versions 17.6.2, 17.5.4, 17.4.6. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-8647.
Read more Developer Tools
In the GitLab versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2 a medium severity vulnerability CVE-2024-9367 was detected. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU resources while parsing templates to generate changelogs. To fix this issue, users should upgrade GitLab to versions 17.6.2, 17.5.4, 17.4.6. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-9367.
Read more Developer Tools
In GitLab EE versions starting from 14.3 before 17.4.6, from 17.5 before 17.5.4, from 17.6 before 17.6.2 a low severity vulnerability CVE-2024-10043 was detected. This vulnerability allows attackers to access confidential incident titles through the Wiki History Diff feature, potentially exposing sensitive information. To address this issue, users should upgrade GitLab EE to versions 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10043.
Read more Developer Tools
In GitLab CE/EE versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2 a medium severity vulnerability CVE-2024-9387 was detected. This vulnerability allows attackers to perform an open redirect via a specific releases API endpoint. To address this issue, users should upgrade GitLab CE/EE to versions 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9387.
Read more Developer Tools