In Apache HTTP Server versions 2.4.59 and earlier, a critical severity vulnerability, CVE-2024-38476, was detected. This vulnerability allows malicious response headers from backend applications to cause information disclosure, SSRF, or local script execution. To fix this problem, users should upgrade Apache HTTP Server to version 2.4.60. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-38476.
In WP Discourse, all versions up to and including 2.5.1, a medium severity vulnerability, CVE-2024-35168, was detected. This vulnerability allows authenticated users with Subscriber-level access or higher to perform unauthorized actions due to a missing capability check. To fix this problem, users should upgrade WP Discourse to version 2.5.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-35168.
In Keycloak, all versions, a low severity vulnerability, CVE-2024-5203, was detected. This vulnerability allows attackers to craft a fake login page and trick users into authenticating with an attacker-controlled account, due to a missing unique token in the authentication POST request. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-5203.
In Keycloak, in OAuth 2.0 Pushed Authorization Requests (PAR), a high severity vulnerability, CVE-2024-4540, was detected. Client-provided parameters were found stored in plain text in the KC_RESTART cookie, potentially leading to information disclosure. There is no fix available for this issue at the moment. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-4540.
In HAProxy versions before 2.9.10 and before 3.0.4, a high severity vulnerability, CVE-2024-45506, was detected. This vulnerability allows a remote attacker to trigger a denial of service (DoS). To address this issue, users are advised to upgrade to version 2.9.20 or version 3.0.4 immediately. For more details, visit the official advisory at https://nvd.nist.gov/vuln/detail/CVE-2024-45506.
In SuiteCRM versions 7.14.4 and 8.6.1, a high severity vulnerability, CVE-2024-45392, was detected. This vulnerability allows attackers to delete records via the API due to insufficient access control checks. To fix this issue, users must upgrade to versions 7.14.5 and 8.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45392.
In Apache HTTP Server version 2.4.61, a medium severity vulnerability, CVE-2024-40725, was detected. This vulnerability allows attackers to disclose local source code content due to improper handling of legacy content-type configurations. To fix this issue, users are recommended to upgrade to version 2.4.62. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-40725.
In Apache HTTP Server versions 2.4.0 through 2.4.61, a critical severity vulnerability, CVE-2024-40898, was detected. This vulnerability allows attackers to steal sensitive information by tricking the server. To fix this problem, users should upgrade Apache HTTP Server to version 2.4.62. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-40898.
In Apache HTTP Server versions 2.4.0 through 2.4.59, a critical severity vulnerability, CVE-2024-38477, was detected. This vulnerability allows attackers to crash the Apache HTTP Server by sending a specially crafted request that triggers a null pointer dereference, causing a denial of service. To fix this problem, users should upgrade Apache HTTP Server to version 2.4.60. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-38477.