In HAProxy versions 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 a medium severity vulnerability CVE-2024-49214 was detected. This vulnerability allows attackers to open a 0-RTT session with a spoofed IP address, bypassing the IP allow/block list functionality. To address this issue, update to version 3.1-dev7, 3.0.5, or 2.9.11. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-49214.
In Next.js versions 10.x, 11.x, 12.x, 13.x, and 14.x prior to version 14.2.7 a medium severity vulnerability CVE-2024-47831 was detected. This vulnerability allows attackers to trigger a Denial of Service condition, potentially causing excessive CPU consumption. To address this issue, update Next.js to version 14.2.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47831.
In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10 a medium severity vulnerability CVE-2024-45135 was detected. This vulnerability allows attackers with admin access to bypass security measures in Adobe Commerce, so it’s essential to upgrade and review admin rights regularly. To fix this issue, users should upgrade Adobe Commerce to versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45135.
In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier a low severity vulnerability CVE-2024-45134 was detected. This vulnerability allows an admin attacker to bypass security features, potentially exposing sensitive information and aiding further attacks. To fix this problem, users should upgrade to version 2.4.7-p3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45134.
In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10 a high severity vulnerability CVE-2024-45132 was detected. This vulnerability allows attackers to gain unauthorized access to higher privileges, potentially compromising sensitive information. To fix this issue, users should upgrade Adobe Commerce to versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45132.
In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier a medium severity vulnerability CVE-2024-45149 was detected. This vulnerability allows low-privileged attackers to bypass security features, potentially compromising confidentiality. Exploitation does not require user interaction. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45149.
In Magento (Adobe Commerce) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier a medium severity vulnerability CVE-2024-45148 was detected. This vulnerability allows attackers to bypass security features and gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45148.
In GitLab EE versions 12.5 prior to 17.2.9, 17.3 prior to 17.3.5, and 17.4 prior to 17.4.2 a critical severity vulnerability CVE-2024-9164 was detected. This vulnerability allows attackers to run pipelines on arbitrary branches. To fix this issue, users must upgrade to versions 17.2.9, 17.3.5, or 17.4.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9164.
In GitLab CE/EE versions 11.6 prior to 17.2.9, 17.3 prior to 17.3.5, and 17.4 prior to 17.4.2 a high severity vulnerability CVE-2024-8970 was detected. This vulnerability allows attackers to trigger a pipeline as another user under certain circumstances. To fix this issue, users must upgrade to versions 17.2.9, 17.3.5, or 17.4.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8970.