In Elasticsearch versions 7.0.0 to 7.17.18 and 8.0.0 to 8.12.0, a medium-severity vulnerability, CVE-2024-23444, was detected. This vulnerability allows attackers to potentially access the unprotected private key stored on the computer, posing a security risk. To fix this problem, users should upgrade Elasticsearch to versions 7.17.19 and 8.13.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23444.
In Joomla versions 4.0.0 to 4.4.5 and 5.0.0 to 5.1.1, a medium-severity vulnerability, CVE-2024-21730, was detected. This vulnerability allows attackers to inject malicious scripts that would be executed in the user’s browser, posing a security risk. To fix this problem, users should upgrade Joomla to versions 4.4.6 and 5.1.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21730.
In Joomla versions 3.0.0 to 3.10.15, 4.0.0 to 4.4.5, and 5.0.0 to 5.1.1, a medium-severity vulnerability, CVE-2024-21731, was detected. This vulnerability allows attackers to embed harmful scripts that can run within a user’s web browser, posing significant security risks. To fix this problem, users should upgrade Joomla to versions 3.10.16, 4.4.6, and 5.1.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21731.
In MySQL version 8.4.0 and prior, a medium-severity vulnerability, CVE-2024-21170, was detected. This vulnerability allows attackers to gain unauthorized access to and modify data in MySQL Connectors, potentially causing disruptions and partial service outages. To fix this problem, users should upgrade MySQL to version 8.4.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21170.
In MySQL versions 8.0.37 and earlier, and 8.4.0 and earlier, a medium-severity vulnerability, CVE-2024-21177, was detected. This vulnerability allows attackers to repeatedly crash MySQL Server, resulting in a total service outage. To fix this problem, users should upgrade MySQL to versions 8.0.38 and later, or 8.4.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21177.
In Kibana versions before 8.11.2, a medium-severity vulnerability, CVE-2024-37281, was detected. This vulnerability allows attackers to crash a Kibana instance by sending too many harmful requests. To fix this problem, users should upgrade Kibana to version 8.11.2 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37281.
In Discourse versions prior to 3.2.3 and 3.3.0.beta3, a medium-severity vulnerability, CVE-2024-37165, was detected. A flaw in the Onebox feature can allow harmful code to run if the data is not cleaned correctly. This issue only affects Discourse instances that have turned off the default Content Security Policy. This vulnerability is fixed in 3.2.3 and 3.3.0.beta3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37299.
In Discourse versions prior to 3.2.5 and 3.3.0.beta5, a medium-severity vulnerability, CVE-2024-37299, was detected. Creating requests with very long tag group names can make a Discourse instance less available. This issue is resolved in versions 3.2.5 and 3.3.0.beta5. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37299.
In Discourse versions prior to 3.2.5 and 3.3.0.beta5, a medium-severity vulnerability, CVE-2024-39320, was detected. This vulnerability allows attackers to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39320.