In Rancher versions >= 2.6.0, < 2.6.14, >= 2.7.0, < 2.7.10, >= 2.8.0, < 2.8.2 a high severity vulnerability CVE-2023-22649 was detected. This vulnerability may expose sensitive data in Rancher’s audit logs if audit logging is enabled and the audit level is set to 1 or above. To fix this problem, users should upgrade to version 2.6.14, 2.7.10, or 2.8.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-22649.
In WordPress versions before 6.0.2 a medium severity vulnerability CVE-2024-4973 was detected. This vulnerability allows attackers to insert malicious code into posts or pages, which runs when someone views them, potentially compromising the site’s security. To fix this issue, users should upgrade WordPress to version 6.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-4973.
In Grafana version 11.0.0 and prior a critical severity vulnerability CVE-2024-9264 was detected. The SQL Expressions feature in Grafana allows poorly sanitized duckdb queries with user input, leading to command injection and local file inclusion. Users with VIEWER or higher permissions can exploit this if the duckdb binary is in Grafana’s $PATH. To fix this issue, users need to update to versions 11.0.5, 11.1.6, 11.2.1, 11.0.6, 11.1.7, or 11.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-9264.
In Rancher versions 2.7.0 and prior, 2.8.0 and prior a medium severity vulnerability CVE-2024-21218 was detected. This vulnerability allows RKE1 clusters to repeatedly reconcile when secret encryption is enabled, exposing Kube API secret values in plaintext on the AppliedSpec. Cluster owners, members, and project members can access this data through the apiserver. To fix this issue, users are advised to upgrade to versions 2.7.14 and 2.8.5. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-22032.
In Rancher versions >= 2.7.0, < 2.7.14, >= 2.8.0, < 2.8.5 a high severity vulnerability CVE-2023-22650 was detected. This vulnerability allows users who have been deleted, disabled, or revoked in an authentication provider to retain access in Rancher, leaving their tokens still usable. To fix this problem, users should upgrade to version 2.7.14 or 2.8.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-22650.
In MariaDB version 11.1 a medium severity vulnerability CVE-2024-27766 was detected. This vulnerability allows remote attackers to execute arbitrary code through the lib_mysqludf_sys.so function. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-27766.
In MariaDB version 10.5 a medium severity vulnerability CVE-2023-39593 was detected. This vulnerability allows authenticated attackers to execute arbitrary commands with elevated privileges. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39593.
In MySQL versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior a medium severity vulnerability CVE-2024-21218 was detected. This vulnerability allows attackers with high privileges and network access to cause a MySQL server crash, resulting in a denial of service (DoS). Currently, there’s no patch version for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-21218.
In BigBlueButton versions up to and including 3.0.0-beta.4 a medium severity vulnerability CVE-2023-7296 was detected. This vulnerability allows attackers with author privileges or higher to inject arbitrary web scripts through the moderator code and viewer code fields. If successful, these scripts execute when users perform specific actions, such as clicking on a malicious link. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-7296.