Category: Developer Tools
In Kubernetes versions prior to 1.28.11, from 1.29.0 to 1.29.6, and from 1.30.0 to 1.30.2, a high severity vulnerability, CVE-2024-10220, was detected. This vulnerability allows attackers to execute arbitrary commands via specially crafted gitRepo volumes, potentially compromising the affected system. To fix this issue, users should upgrade Kubernetes to version 1.28.12, 1.29.7, or 1.30.3. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-10220.

Category: Web Development
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, a critical severity vulnerability, CVE-2024-11236, was detected. This vulnerability allows attackers to exploit long string inputs to cause system crashes or execute malicious actions. To fix this issue, users should upgrade PHP to version 8.1.31, 8.2.26, or 8.3.14. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11236.

Category: Monitoring
In LibreNMS versions before 24.10.0, a medium severity vulnerability, CVE-2024-50352, was detected. This vulnerability allows attackers to inject malicious JavaScript through the "name" field in the "Services" section. To address this issue, update to LibreNMS version 24.10.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-50352.

Category: Monitoring
In LibreNMS versions before 24.10.0, a medium severity vulnerability, CVE-2024-50355, was detected. This vulnerability allows attackers with the Admin role to inject JavaScript code into the device Display Name, which is not properly sanitized. The injected code can be triggered from different sources. To address this issue, update to LibreNMS version 24.10.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-50355.

Category: Monitoring
In LibreNMS versions before 24.10.0, a medium severity vulnerability, CVE-2024-51494, was detected. This vulnerability allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when editing a device's port settings on the "Port Settings" page. The injected code is executed when the page is visited, potentially compromising the user's session and enabling unauthorized actions. To address this issue, update to LibreNMS version 24.10.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-51494.

Category: Application Development
In Django CMS versions before 4.0, a medium severity vulnerability, CVE-2024-11406, was detected. This vulnerability allows stored cross-site scripting (XSS) through improper neutralization of input in Django CMS Attributes Fields. To address this issue, update to Django CMS version 4.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11406.

Category: Security
In Authentik versions prior to 2024.8.5, a medium severity vulnerability, CVE-2024-52287, was detected. This vulnerability allows attackers to obtain OAuth tokens with unauthorized scopes using the client_credentials or device_code grants. These tokens could be used to perform malicious actions in trusted systems. To fix this issue, users need to update to version 2024.8.5 or 2024.10.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-52287.

Category: Developer Tools
In Harbor versions prior to 2.7.0, a high severity vulnerability, CVE-2022-31668, was detected. This vulnerability allows attackers to modify P2P preheat policies in projects they do not have permission to access. To fix this issue, users should upgrade Harbor to version 2.7.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2022-31668.

Category: ERP
In Dolibarr versions prior to 15.0.0, a medium severity vulnerability, CVE-2021-3991, was found. This vulnerability lets attackers view sensitive reception details by accessing specific URLs without proper permissions. To fix this issue, users are advised to upgrade to version 15.0.0 or above. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2021-3991.