In SonarQube versions before 10.4 and 9.9.4 LTA (Long-Term Support), a medium-severity vulnerability, CVE-2024-38460, was detected. This vulnerability allows attackers to exploit encrypted values exposed in plaintext within URL parameters found in logs such as SonarQube Access Logs and Proxy Logs. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38460.
Category: Developer Tools

In the Python “ssl” module, vulnerability CVE-2024-0397 was detected: a memory race condition involving the methods “cert_store_stats()” and “get_ca_certs()” of ssl.SSLContext. This issue can arise if these methods are used while certificates are being loaded into the SSLContext, such as during a TLS handshake with a configured certificate directory. The issue is fixed in Python versions 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-0397.
Category: Application Development

In Apache Superset versions 4.0.0 and 3.1.2, a medium-severity vulnerability, CVE-2024-34693, was detected. This vulnerability allows attackers to get access to the database. To address this issue, users must upgrade to version 4.0.1 or 3.1.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34693/.
Category: Data Analytics

In Spring Cloud, a high-severity vulnerability, CVE-2024-22263, was detected. This vulnerability allows attackers to get access to sensitive data. There is no fix for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-22263/.
Category: Application Development

In GitLab CE/EE, a medium-severity vulnerability, CVE-2024-1736, was detected in all versions prior to 16.10.7, versions starting from 16.11 prior to 16.11.4, and versions starting from 17.0 prior to 17.0.2. The vulnerability in GitLab’s CI/CD (Continuous Integration/Continuous Delivery) pipeline editor can potentially lead to denial-of-service attacks via specially crafted configuration files. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-1736.
Category: Developer Tools

In Moodle, a low-severity vulnerability, CVE-2024-38276, was detected. This vulnerability allows attackers to steal sensitive data from users. There is no fix for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38276/.
Category: Educational

In Moodle, a low-severity vulnerability, CVE-2024-38275, was detected. Due to the flaw, sensitive authorization information could be mistakenly sent to different websites during redirects. Currently, there is no fixed version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38275/.
Category: Educational

In Moodle, a low-severity vulnerability, CVE-2024-38274, was detected. This issue allows harmful code to be stored in calendar event titles, posing a risk when deleting events due to improper handling of user input. Currently, there is no fixed version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38274/.
Category: Educational

In Moodle versions 4.4, 4.3 to 4.3.4, 4.2 to 4.2.7, 4.1 to 4.1.10 and earlier, a medium-severity vulnerability, CVE-2024-38277, was detected. It involves the use of cryptographic keys or passwords beyond their expiration date. This oversight extends the window during which these credentials could be vulnerable to cracking attacks, which underlines the need for timely key and password management. To fix this issue, users should upgrade Moodle to versions 4.4.1, 4.3.5, 4.2.8 and 4.1.11. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38277/.
Category: Educational