Our news and updates

In Nginx UI versions 2.0.0-beta.35 and earlier a high severity vulnerability CVE-2024-49366 was detected. This vulnerability allows attackers to exploit unverified JSON input to write arbitrary files to the server, potentially resulting in a loss of permissions. To fix this issue, users must upgrade to version 2.0.0-beta.26. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-49366.

In Rancher versions >= 2.6.0, < 2.6.14, >= 2.7.0, < 2.7.10, >= 2.8.0, < 2.8.2 a high severity vulnerability CVE-2023-32194 was detected. This vulnerability allows users with a create or * global role for “namespaces” to access, create, update, or delete core namespaces, potentially compromising project security. To fix this problem, users should upgrade to the versions 2.6.14, 2.7.10, 2.8.2 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-32194.

In Rancher version < 0.0.0-20240207153957-4fd7d821d952 a high severity vulnerability CVE-2023-32192 was detected. This vulnerability allows attackers to exploit unauthenticated cross-site scripting (XSS) in the public API, enabling them to execute arbitrary JavaScript code in a victim’s browser. To fix this problem, users should upgrade to the version 0.0.0-20240207153957-4fd7d821d952. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-32192.

In MongoDB Server versions 6.0 (prior to 6.0.17), 7.0 (prior to 7.0.13), and 7.3 (prior to 7.3.4) a medium severity vulnerability CVE-2024-8305 was detected. This vulnerability allows attackers to trigger crashes in secondary nodes by incorrectly enforcing index constraints. In extreme cases, multiple secondaries may crash, potentially leaving no primaries available. To address this issue, update to the latest fixed versions: 6.0.17, 7.0.13, or 7.3.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8305.

In VMware HCX (Hybrid Cloud Extension) versions 4.8.0 – 4.8.2 and 4.9.0 – 4.9.1 a high severity vulnerability CVE-2024-38814 was detected. This vulnerability allows authenticated attackers with non-administrator privileges to execute specially crafted SQL queries, potentially leading to unauthorized remote code execution on the HCX Manager. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38814.

In NGINX versions prior to 2.0.0-beta.36 a high severity vulnerability CVE-2024-49368 was found. This vulnerability in Nginx UI allows attackers to run harmful commands by sending unverified input, leading to serious security risks. To fix this issue, users are advised to upgrade to version 2.0.0-beta.36. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-49368.

In Rancher versions >= 2.6.0, < 2.6.14, >= 2.7.0, < 2.7.10, >= 2.8.0, < 2.8.2 a high severity vulnerability CVE-2023-22649 was detected. This vulnerability may expose sensitive data in Rancher’s audit logs if audit logging is enabled and the audit level is set to 1 or above. To fix this problem, users should upgrade to the latest version 2.6.14, 2.7.10 and 2.8.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-22649.

In WordPress versions before 6.0.2 a medium severity vulnerability CVE-2024-4973 was detected. This vulnerability allows attackers to insert malicious code into posts or pages, which runs when someone views them, potentially compromising the site’s security. To fix this issue, users should upgrade WordPress to version 6.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-4973.

In WordPress versions up to and including 2.0.6 a high severity vulnerability CVE-2024-4443 was detected. This vulnerability allows attackers to create malicious files on the site, potentially giving them control over the website. To fix this issue, users should upgrade WordPress to version 6.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-4443.