In Rancher versions >=2.7.0, <2.7.14 and >=2.8.0, <2.8.5, a high severity vulnerability, CVE-2023-22650, was detected. This vulnerability allows users who have been deleted, disabled, or revoked in an authentication provider to retain access to Rancher, because their tokens remain usable. To fix this problem, users should upgrade to the latest version, 2.7.14 or 2.8.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-22650.
In MariaDB version 11.1, a medium severity vulnerability, CVE-2024-27766, was detected. This vulnerability allows remote attackers to execute arbitrary code through the lib_mysqludf_sys.so function. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-27766.
In MariaDB version 10.5, a medium severity vulnerability, CVE-2023-39593, was detected. This vulnerability allows authenticated attackers to execute arbitrary commands with elevated privileges. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39593.
In MySQL versions 8.0.39 and prior, 8.4.2 and prior, and 9.0.1 and prior, a medium severity vulnerability, CVE-2024-21218, was detected. This vulnerability allows attackers with high privileges and network access to cause a MySQL server crash, resulting in a denial of service (DoS). Currently, there’s no patch version for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-21218.
In BigBlueButton versions up to and including 3.0.0-beta.4, a medium severity vulnerability, CVE-2023-7296, was detected. This vulnerability allows attackers with author privileges or higher to inject arbitrary web scripts through the moderator code and viewer code fields. If successful, these scripts execute when users perform specific actions, such as clicking on a malicious link. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-7296.
In Ansible version 2, a medium severity vulnerability, CVE-2024-10033, was detected. This vulnerability allows attackers to inject malicious scripts, redirect users, or steal sessions and data by exploiting the “?next=” parameter in a URL. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10033.
In Rancher versions 2.7.0 to 2.7.14, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.1, a high severity vulnerability, CVE-2024-22030, was detected. This vulnerability allows attackers to carry out a man-in-the-middle attack by controlling an expired domain or performing DNS spoofing/hijacking against the Rancher URL. To fix this issue, users must upgrade to versions 2.7.15, 2.8.8, or 2.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-22030.
In Rancher versions 2.7.0 to 2.7.13 and 2.8.0 to 2.8.4, a high severity vulnerability, CVE-2023-32196, was detected. This vulnerability allows attackers to escalate privileges due to improper enforcement of privilege escalation checks for RoleTemplate objects when external=true. To fix this issue, users must upgrade to versions 2.7.14 or 2.8.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-32196.
In MySQL versions prior to 8.0.39, prior to 8.4.2, and prior to 9.0.1, a medium severity vulnerability, CVE-2024-21238, was detected. This vulnerability allows attackers to cause the MySQL server to freeze or crash, preventing users from accessing their data and services. To fix this issue, users should upgrade MySQL to versions 8.0.40, 8.4.3, or 9.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-21238.