In Gogs version 0.13.0 a high severity vulnerability CVE-2024-39933 was detected. This vulnerability allows attackers to access the code in a new release. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39933/.
Read more Developer Tools
In Gogs through 0.13.0 a critical severity vulnerability CVE-2024-39931 was detected. It allows deletion of internal files. There is currently no solution available for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39931.
Read more Developer Tools
In Gogs versions up to 0.13.0 a critical severity vulnerability CVE-2024-39930 was detected in the built-in SSH server. This flaw lets attackers send harmful commands, leading to remote code execution. Attackers must be authenticated and can exploit this if the SSH server is enabled. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39930.
Read more Developer Tools
In Gogs version 0.13.0 a critical severity vulnerability CVE-2024-39932 was detected. This vulnerability allows attackers to access the code in previewing changes. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39932/.
Read more Developer Tools
In Discourse version 3.2.3 a medium severity vulnerability CVE-2024-37157 was detected. This vulnerability allows attackers access to sensitive data. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37157/.
Read more Communication
In Discourse version 3.2.3 a low severity vulnerability CVE-2024-36122 was detected. This vulnerability allows attackers to see a user’s email address. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36122/.
Read more Communication
In Discourse version 3.2.3 a medium severity vulnerability CVE-2024-36113 was detected. This vulnerability allows attackers to suspend other staff users and block their login. There is no solution to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36113/.
Read more Communication
In Discourse prior to version 3.2.3 a high severity vulnerability CVE-2024-35227 was detected. Malicious URLs disrupt the platform due to improper input validation, risking unsafe data processing. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-35227.
Read more Communication
In GitLab version 17.1 a medium severity vulnerability CVE-2024-1493 was detected. This vulnerability allows attackers to DoS attack on the server. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-1493/.
Read more Developer Tools