In OpenStack components Cinder through version 24.0.0, Glance before version 28.0.2, and Nova before version 29.0.3 a medium severity vulnerability CVE-2024-32498 was detected. This vulnerability allows attackers to read important files on your system using a specially made file. To fix this problem, users should upgrade the OpenStack Cinder component to version 24.0.1 or later, the OpenStack Glance component to version 28.0.2 or later and the OpenStack Nova component to version 29.0.3 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-32498.
Read more Cloud Computing
In MongoDB Compass versions before 1.42.2 a high severity vulnerability CVE-2024-6376 was detected. This vulnerability allows attackers to run unauthorized code on the system by exploiting a weakness in its security settings. To fix this problem, users should upgrade MongoDB Compass to version 1.42.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6376/.
Read more Database
In MongoDB versions prior to 1.27.1 a medium severity vulnerability CVE-2024-6383 was detected. This vulnerability allows attackers to overflow a program’s memory, causing it to malfunction or crash. To fix this problem, users should upgrade the libbson library of MongoDB to version 1.27.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6383.
Read more Database
In Apache NiFi versions 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 a medium severity vulnerability CVE-2024-37389 was detected. This vulnerability allows attackers to exploit a security flaw that can lead to remote code execution, data exposure and system compromise. To fix this problem, users should upgrade Apache NiFi to versions 1.27.0 or 2.0.0-M4. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37389.
Read more Data Analytics
In libbson MongoDB versions prior to 1.26.2 a medium severity vulnerability CVE-2024-6381 was detected. The bson_strfreev function in the MongoDB C driver might have an integer overflow issue, causing it to free memory incorrectly. The issue is fixed in libbson MongoDB version 1.26.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6381.
Read more Database
In Openshift Container Storage a high severity vulnerability CVE-2024-1394 was detected. A memory leak in Golang’s RSA encryption code can cause the system to run out of resources when given harmful data. This problem occurs in the `rsa.go` file at line 113 of the `github.com/golang-fips/openssl/openssl` package because the `pkey` and `ctx` variables aren’t properly released when there’s an error. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-1394.
Read more Developer Tools
In Nextcloud Server a high severity vulnerability CVE-2024-37882 was detected. A recipient with read and share permissions can grant themselves additional permissions when resharing the item. To fix this issue, it is recommended to upgrade Nextcloud Server to version 26.0.13, 27.1.8, or 28.0.4, and Nextcloud Enterprise Server to the same versions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37882.
Read more Storage
In Zowe in Command Line Interface (CLI) a medium severity vulnerability CVE-2024-6833 was detected. This vulnerability allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation. To address this issue users should upgrade to version 7.23.5 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6833.
Read more Developer Tools
In Kubernetes versions 1.27.15 and prior, 1.28.11 and prior, 1.29.6 and prior, 1.30.2 and prior a medium severity vulnerability CVE-2024-5321 was detected. This vulnerability allows attackers to modify contained logs. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5321/.
Read more Developer Tools