In Sonatype Nexus Repository versions 3.0.0 through 3.72.0 a medium severity vulnerability CVE-2024-5764 was detected. This vulnerability allows attackers to exploit hard-coded encryption passphrases in the repository’s configuration database, compromising the security of stored secrets like SMTP, HTTP proxy credentials, and user tokens. Currently, there is no patch version for this vurnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-5764.
Read more Developer Tools
In Nginx UI versions prior to 2.0.0-beta.36 a high severity vulnerability CVE-2024-49368 was detected. This vulnerability allows attackers to execute arbitrary commands by exploiting improper input validation in the logrotate configuration. To fix this issue, users must upgrade to version 2.0.0-beta.36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-49368.
Read more Application Development
In OneDev versions prior to 11.0.9 a high severity vulnerability CVE-2024-45309 was detected. This vulnerability allows attackers to read arbitrary files accessible by the OneDev server process, even without authentication. To fix this issue, users must upgrade to version 11.0.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45309.
Read more Developer Tools
In OpenShift GraphQL introspection feature a medium severity vulnerability CVE-2024-50312 was detected. This vulnerability lets unauthorized users access introspection, exposing all available queries and mutations, which increases attack risk. To temporarily fix this, disable GraphQL introspection in OpenShift Console settings; this may limit some development tools. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-50312.
Read more Developer Tools
In GitLab versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1 a medium severity vulnerability CVE-2024-6826 was detected. Attackers can exploit this vulnerability by importing a malicious XML file, potentially causing a denial of service (DoS). To fix this issue, users are advised to upgrade to versions 17.3.6 or above, 17.4.3 or above, 17.5.1 or above. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-6826.
Read more Developer Tools
In Python versions prior to 3.13.0 a high severity vulnerability CVE-2024-9287 was detected. This vulnerability in CPython’s venv module allows attackers to add harmful commands to virtual environments, which run when activated. Only environments created by attackers are at risk. To fix this issue, users are advised to upgrade to version 3.13.0 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-9287.
Read more Application Development
In Umbraco versions 13.x before 13.5.2, 10.x before 10.8.7, and 8.x before 8.18.15 a medium severity vulnerability CVE-2024-48927 was detected. This vulnerability allows attackers to execute code remotely when Backoffice users “preview” SVG files in full-screen mode. To address this issue, update to versions 13.5.2, 10.8.7, or 8.18.15. As a workaround, enable server-side file validation to strip script tags from the content during file uploads. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-48927.
Read more CMS
In Umbraco versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7 a medium severity vulnerability CVE-2024-48929 was detected. This vulnerability allows attackers to exploit incomplete session termination during explicit sign-outs. To address this issue, users are advised to update to versions 13.5.2 or 10.8.7. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-48929.
Read more CMS
In Nagios XI versions before 2024R1 a critical severity vulnerability CVE-2023-48082 was detected. This vulnerability allows attackers to generate identical API keys for all users, enabling unauthorized authentication. To address this issue, update to Nagios XI 2024R1 or later. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-48082.
Read more Monitoring