In Discourse Calendar plugin versions prior to 0.5, a medium-severity vulnerability, CVE-2024-45303, was detected. This vulnerability allows attackers to perform Cross-Site Scripting (XSS) attacks by exploiting dynamic calendar event names. This issue affects sites with a modified or disabled default Content Security Policy in Discourse. To address this issue, users should update to version 0.5 of the Discourse Calendar plugin. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-45303.
In MySQL Server versions 8.4.0 and prior, a medium-severity vulnerability, CVE-2024-21176, was detected. This vulnerability allows attackers with low privileges and network access via multiple protocols to cause a hang or repeatedly crash the MySQL Server, resulting in a complete denial of service. To fix this issue, users should upgrade to version 8.4.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-21176.
In the Blakeembrey/js-template plugin for Node.js, versions before 1.2.0, a high-severity vulnerability, CVE-2024-45390, was detected. This vulnerability allows attackers to inject and execute malicious code in templates if they can control the template name. To fix this problem, users should upgrade the Blakeembrey/js-template plugin to version 1.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45390.
In Node.js versions prior to 20.3.1, a high-severity vulnerability, CVE-2023-30583, was detected. This vulnerability allows a bypass of the file system read restriction (the --allow-fs-read flag) due to a missing check. To fix this problem, users should upgrade to version 20.3.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-30583.
In Foreman versions 6.13, 6.14 and 6.15, a critical-severity vulnerability, CVE-2024-7012, was detected. This vulnerability allows unauthorized users to gain admin access due to improper header handling by Apache’s mod_proxy. To fix this problem, users should upgrade to versions 6.13.7.2, 6.14.4.2, or 6.15.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7012.
In the MySQL Server product of Oracle MySQL, versions 8.0.38, 8.4.1 and 9.0.0, a medium-severity vulnerability, CVE-2024-21185, was detected. This vulnerability lets high-privileged attackers cause MySQL Server to crash or hang, leading to a denial of service. At the moment, there is no version where this vulnerability has been fixed. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-21185.
In Node.js versions before 20.0, a high-severity vulnerability, CVE-2023-30584, was detected. This vulnerability allows attackers to bypass file permission checks in Node.js by exploiting improper path traversal handling within the experimental permission model. To fix this problem, users should upgrade Node.js to version 20.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-30584.
In Keycloak versions before 22.0.1, a high-severity vulnerability, CVE-2024-7341, was detected. This vulnerability allows attackers to take over a user’s session before they log in, giving them control of the account when the user signs in. To fix this issue, users should upgrade Keycloak to version 22.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7341.
In MongoDB Server versions from 6.0 to 6.0.3, a medium-severity vulnerability, CVE-2024-8654, was detected. This vulnerability allows attackers to exploit uninitialized memory in MongoDB, potentially causing the server to behave unexpectedly or crash. To fix this problem, users should upgrade MongoDB Server to version 6.0.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8654.