In GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 a low severity vulnerability CVE-2024-0231 was detected. This vulnerability allows attackers to create a specially crafted repository import to redirect code changes to the wrong place. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-0231.
Read more Developer Tools
In Spring Cloud Data Flow versions prior to 2.11.4 a critical vulnerability CVE-2024-37084 was detected. A malicious user with access to the Skipper server API can exploit a crafted upload request to write arbitrary files to any location on the file system, potentially compromising the server. To address this issue users should upgrade to version 2.11.4. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37084.
Read more Application Development
In Dolibarr ERP CRM versions before 19.0.2-php8.2 a high severity vulnerability CVE-2024-40137 was detected. A vulnerability in the Computed field parameter of the Users Module Setup in Dolibarr ERP CRM allows remote code execution. This issue is fixed in versions 19.0.2-php8.2 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-40137.
In Virtual Programming Lab for Moodle versions up to v4.2.3 a medium severity vulnerability CVE-2024-34312 was detected. This issue allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access or manipulation of user data. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34312.
Read more Educational
In MongoDB Rust Driver 2.0 versions prior to 2.8.2 a medium severity vulnerability CVE-2024-6382 was detected. Incorrect handling of some string inputs in the MongoDB Rust driver can create unintended server commands, leading to unexpected behavior or data modification. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6382.
Read more Database
In PostgreSQL in REFRESH MATERIALIZED VIEW CONCURRENTLY command versions before 16.2, 15.6, 14.11, 13.14, and 12.18 a high severity vulnerability CVE-2024-0985 was detected. This command should safely refresh views, but due to a flaw, the view creator can trick a superuser or someone with higher privileges into running harmful functions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-0985.
Read more Database
In MySQL Server versions 8.0.37 and prior, and 8.4.0 and prior a medium severity vulnerability CVE-2024-20996 was detected. A high-privileged attacker with network access can exploit this vulnerability to compromise MySQL Server, causing it to hang or crash repeatedly. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-20996.
Read more Database
In the Spring Cloud Function framework versions 4.1.x prior to 4.1.2 and 4.0.x prior to 4.0.8 a high severity vulnerability CVE-2024-22271 was detected. The application is vulnerable to a DOS attack if it tries to use non-existing functions while using the Spring Cloud Function Web module. To address this issue users should upgrade to 4.0.8 or 4.1.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-22271.
Read more Application Development
In MySQL Server versions prior to 8.0.37 and prior to 8.4.0 a medium severity vulnerability CVE-2024-21179 was detected. This vulnerability allows attackers with network access to cause a hang or crash, leading to a denial of service (DoS). To fix this problem, users should upgrade MySQL Server to versions 8.0.37 and 8.4.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21179.
Read more Database