In Discourse stable versions prior to 3.3.1 and tests-passed versions prior to 3.4.0.beta1 a medium severity vulnerability CVE-2024-43789 was detected. This vulnerability allows attackers to overload the Discourse system by creating a post with many replies and fetching them all at once. To fix this issue, users should upgrade Discourse to stable versions 3.3.1 and higher and tests-passed versions 3.4.0.beta1 and higher. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-43789.
Read more Communication
In Mastodon versions prior to 4.1.16 and prior to 4.2.8 a medium severity vulnerability CVE-2024-34535 was detected. This vulnerability allows attackers to bypass API endpoint rate limiting by sending a specially crafted HTTP request header. To fix this issue, users should upgrade Mastodon to versions 4.1.17 or 4.2.9. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-34535.
Read more Communication
In LibreNMS a low severity vulnerability CVE-2024-47526 was detected. This vulnerability allows users to inject arbitrary JavaScript into the alert template’s name, which executes immediately upon submission but does not persist after a page refresh. Currently, there is no fix version for this vulnerability. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-47526.
Read more Monitoring
In Apache Hadoop versions 3.3.0 to 3.3.5 a medium severity vulnerability CVE-2024-23454 was detected. This vulnerability allows attackers to access sensitive data stored in the temporary directory, potentially exposing it to other local users on the system. To fix this issue, users should upgrade Apache Hadoop to version 3.3.6. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-23454.
Read more Data Analytics
In LibreNMS versions prior to 24.9.0 a medium severity vulnerability CVE-2024-47528 related to Stored Cross-Site Scripting (XSS) was detected. This vulnerability allows attackers to upload an SVG file containing an XSS payload when setting a background for a custom map. The payload triggers upon loading the map. To address this issue, users should upgrade to version 24.9.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-47528.
Read more Monitoring
In LibreNMS versions prior to 24.9.0 a high severity vulnerability CVE-2024-47527 was detected. This vulnerability allows attackers to inject arbitrary JavaScript through the “hostname” parameter in the “Device Dependencies” feature. This could lead to the execution of malicious code within other users’ sessions, potentially compromising their accounts and enabling unauthorized actions. To address this issue, updating to version 24.9.0 is recommended. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-47527.
Read more Monitoring
In LibreNMS versions prior to 24.9.0 a high severity vulnerability CVE-2024-47525 was detected. This Stored Cross-Site Scripting (XSS) vulnerability in the “Alert Rules” feature allows authenticated users to inject arbitrary JavaScript through the “Title” field. This can lead to the execution of malicious code in the context of other users’ sessions, potentially compromising their accounts and enabling unauthorized actions. To address this issue, users are advised to upgrade to version 24.9.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-47525.
Read more Monitoring
In WordPress Simple HTML Sitemap versions up to and including 3.1 a high severity vulnerability CVE-2024-7385 was detected. This vulnerability allows authenticated attackers with Administrator-level access or higher to inject additional SQL queries via the ‘id’ parameter, which could be used to extract sensitive information from the database. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7385.
Read more CMS
In Jenkins versions < 2.462.3 and >= 2.466, < 2.479 a medium severity vulnerability CVE-2024-47804 was detected. This vulnerability allows attackers to bypass item creation restrictions by saving an item to persist it, even if the creation is prohibited by access control checks. To address this issue, users must upgrade to version 2.462.3 or 2.479. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47804.
Read more Developer Tools