In MongoDB version 7.0.3 a medium severity vulnerability CVE-2024-6375 was detected. This vulnerability allows attackers to affect database performance. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6375/.
Read more Database
In OpenVPN version 2.0.4 a low severity vulnerability CVE-2024-28820 was detected. This vulnerability allows attackers to access sensitive data. There is no fix to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-28820/.
Read more CMS
In Authentik a high severity vulnerability CVE-2024-38371 was detected. This vulnerability allows attackers to get access to the system. To address this issue, users must update to versions 2024.6.0, 2024.2.4, and 2024.4.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38371/.
Read more Security
In Authentik a high severity vulnerability CVE-2024-37905 was detected. This vulnerability allows attackers to get admin access. To address this issue, users should update Authentik to versions 2024.6.0, 2024.2.4, and 2024.4.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37905/.
Read more Security
In GitLab versions from 16.7 to 17.1.1 a medium severity vulnerability CVE-2024-3959 was detected. This vulnerability allows attackers to get access to sensitive data. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-3959/.
Read more Developer Tools
In GitLab EE all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 a medium severity vulnerability CVE-2024-3115 was detected. Attackers can access issues and epics without an SSO session through Duo Chat. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-3115.
Read more Developer Tools
In GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 a medium severity vulnerability CVE-2024-1816 was detected. This problem lets an attacker crash a service by using a specially made OpenAPI file. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-1816.
Read more Developer Tools
In WordPress Core versions up to 6.5.5 a medium severity vulnerability CVE-2024-6307 was detected. This vulnerability allows attackers to insert harmful web scripts into pages. These scripts can run whenever a user visits the affected page. To fix this problem, users should upgrade WordPress Core to one of the following versions: 5.9.10, 6.0.9, 6.1.7, 6.2.6, 6.3.5, 6.4.5 or 6.5.5. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6307.
Read more CMS
In WordPress versions from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, and from 5.9 through 5.9.9 a medium severity vulnerability CVE-2024-31111 was detected. This vulnerability allows attackers to insert harmful web scripts into pages to gain access to the system and sensitive information. To fix this problem, users should upgrade WordPress to version 6.5.5 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-31111.
Read more CMS