In GitLab versions starting from 8.16 up to 17.2.8, versions 17.3 prior to 17.3.5, and versions 17.4 prior to 17.4.2, a medium-severity vulnerability related to deploy keys, CVE-2024-9623, was detected. This vulnerability allows attackers to push code to an archived repository, potentially leading to unauthorized changes or data breaches. To fix this issue, users should upgrade GitLab to versions 17.2.9, 17.3.5, or 17.4.2. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-9623.
In Redis versions prior to 7.2.6 and 7.4.1, a medium-severity vulnerability, CVE-2024-31227, was detected. An authenticated user with sufficient privileges can create a malformed ACL selector in Redis, triggering a server panic and causing a denial of service. To fix this problem, users should upgrade to versions 7.2.6 and 7.4.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-31227.
In Redis versions prior to 6.2.16, 7.2.6 and 7.4.1, a medium-severity vulnerability, CVE-2024-31228, was detected. Authenticated users can trigger a denial of service in Redis by using specially crafted long string match patterns on certain commands, leading to a stack overflow and a process crash. To fix this problem, users should upgrade to versions 6.2.16, 7.2.6 and 7.4.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-31228.
In Rocket.Chat versions prior to 4.5.1, a medium-severity vulnerability, CVE-2024-42027, was detected. Rocket.Chat Mobile’s E2EE password has insufficient entropy, allowing attackers to crack it with enough time and resources. To fix this problem, users should upgrade Rocket.Chat to version 4.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-42027.
In Portainer versions prior to 2.20.2, a critical-severity vulnerability, CVE-2024-33662, was detected. Portainer uses an improper encryption algorithm in the AesEncrypt function, which could allow attackers to exploit vulnerabilities. To fix this problem, users should upgrade to version 2.20.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-33662.
In Redis versions prior to 6.2.16, 7.2.6 and 7.4.1, a high-severity vulnerability, CVE-2024-31449, was detected. An authenticated user can exploit a vulnerability in Redis by using a crafted Lua script, potentially leading to remote code execution. Users are advised to upgrade to the latest version to mitigate this risk. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-31449.
In Discourse versions before 2.9.0, a medium-severity vulnerability, CVE-2024-47772, was detected. This vulnerability allows attackers to run harmful JavaScript code in users’ browsers by sending a specially crafted chat message on Discourse sites where the CSP security setting is disabled. To fix this issue, users should upgrade Discourse to version 2.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-47772.
In Discourse stable versions up to and including 3.3.1, beta versions up to and including 3.4.0.beta1, and tests-passed versions up to and including 3.4.0.beta1, a medium-severity vulnerability, CVE-2024-45297, was detected. This vulnerability allows attackers to view topics with a hidden tag in Discourse if they know the label or name of that tag, potentially exposing sensitive information. To fix this issue, users should upgrade Discourse to stable versions 3.3.2, beta versions 3.4.0.beta2, and tests-passed versions 3.4.0.beta2 and higher. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45297.
In Discourse stable versions up to and including 3.3.1, beta versions up to and including 3.4.0.beta1, and tests-passed versions up to and including 3.4.0.beta1, a medium-severity vulnerability, CVE-2024-45051, was detected. This vulnerability allows attackers to use a maliciously crafted email address to bypass domain-based restrictions, potentially granting them unauthorized access to private sites, categories, and groups within Discourse. To fix this issue, users should upgrade Discourse to stable versions 3.3.2 and higher, beta versions 3.4.0.beta2 and higher, and tests-passed versions 3.4.0.beta2 and higher. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-45051.