In MongoDB Server versions 5.0 to 5.0.27, 6.0 to 6.0.16, 7.0 to 7.0.12, 7.3 to 7.3.3, MongoDB C Driver versions up to 1.26.2, and MongoDB PHP Driver versions up to 1.18.1, a high severity vulnerability, CVE-2024-7553, was detected. This vulnerability allows local privilege escalation on Windows by improperly validating files from untrusted directories. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7553.
In Django versions 5.0 before 5.0.8 and 4.2 before 4.2.15, a critical severity vulnerability, CVE-2024-42005, was detected. This vulnerability allows an attacker to inject malicious SQL through specially crafted input, which can compromise database security. To address this issue, users should upgrade Django to versions 5.0.8 or 4.2.15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-42005.
In Gitea version 1.22.0, a high severity vulnerability, CVE-2024-6886, was detected. This vulnerability allows attackers to add harmful scripts to the website, which other users might see, leading to stolen data or hijacked accounts. To fix this problem, users should upgrade Gitea to version 1.23.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6886.
In Rocket.Chat versions prior to 6.10.1, a high severity vulnerability, CVE-2024-39713, was detected. This vulnerability allows attackers to make the server send requests to unintended locations, potentially accessing or manipulating private information. To fix this problem, users should upgrade Rocket.Chat to version 6.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-37313.
In OpenStack versions 16.1/16.2/17.0, a high severity vulnerability, CVE-2024-7319, was detected. This vulnerability allows the disclosure of sensitive information through the OpenStack stack abandon command. To fix this issue, users should upgrade to version 22.0.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7319.
In OpenShift versions using Podman, a medium severity vulnerability, CVE-2024-3056, was detected. This vulnerability allows an attacker to create a container that uses up memory and IPC resources, eventually leading to system instability. If the container is set to restart automatically, the attack can be repeated. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-3056.
In Mattermost versions 9.9.x up to 9.9.0 and 9.5.x up to 9.5.6, a low severity vulnerability, CVE-2024-41926, was detected. This vulnerability allows attackers to mislead user information by using fake server IDs. To fix this problem, users should upgrade Mattermost to version 10.0.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-41926.
In Mattermost versions 9.9.x up to 9.9.0 and 9.5.x up to 9.5.6, a low severity vulnerability, CVE-2024-39837, was detected. This vulnerability allows attackers to create unauthorized channels if shared channels are turned on, because the system doesn’t properly control who can create them. To fix this problem, users should upgrade Mattermost to version 10.0.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39837.
In Mattermost versions 9.9.x up to 9.9.0 and 9.5.x up to 9.5.6, a low severity vulnerability, CVE-2024-39832, was detected. This vulnerability allows attackers to create unauthorized channels if shared channels are turned on, because the system doesn’t properly control who can create them. To fix this problem, users should upgrade Mattermost to versions 9.5.7, 9.7.6, 9.8.2, and 9.9.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39832.