In FreeIPA involving Kerberos TGS-REQ (Ticket Granting Service Request) a high severity vulnerability CVE-2024-3183 was detected. It allows attackers who compromise a principal to potentially decrypt tickets encrypted with other principals’ keys. By offline brute-force attacks on stolen tickets and salts, attackers could find passwords and decrypt these tickets. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-3183.
Read more Security
In Apache Airflow versions before 2.9.2 a low severity vulnerability CVE-2024-25142 was detected. This vulnerability allows attackers to store sensitive data in the local cache of the browser. To address this issue, users must upgrade to version 2.9.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-25142/.
Read more Data Analytics
In the Dolibarr version 19.0.1 a low severity vulnerability CVE-2024-37821 was detected. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SQL file. There is no fix to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37821/.
Read more ERP
In Mattermost Desktop App versions <=5.7.0 a low severity vulnerability CVE-2024-36287 was detected. This issue happens because Electron debug flags are left enabled, allowing users to bypass macOS's TCC (Transparency, Consent, and Control) restrictions. To lower this risk, update to a newer version. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36287.
Read more Communication
In Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 a medium severity vulnerability CVE-2024-5272 was detected. The “custom_playbooks_playbook_run_updated” webhook event doesn’t restrict its audience, so a guest in a linked channel can view all details of a playbook run after it’s finished. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5272.
Read more Communication
In SuiteCRM versions prior to 7.14.4 and prior to 8.6.1 a high severity vulnerability CVE-2024-36415 was detected. This flaw in the product’s file upload system allows attackers to upload harmful files that can be executed, potentially compromising the system. This issue was resolved in versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36415/.
Read more CRM
In SuiteCRM versions 7.14.4 and 8.6.1 a medium severity vulnerability CVE-2024-36414 was detected. This vulnerability allows attackers to perform a server-side request forgery attack. To address this issue, users must install the fix in the versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36414/.
Read more CRM
In SuiteCRM prior to versions 7.14.4 and 8.6.1 a medium severity vulnerability CVE-2024-36413 was detected. A weakness in the import module error view allows XSS attacks due to improper input sanitization. To address this issue, users should update SuiteCRM to versions 7.14.4 or 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36413.
Read more CRM
In SuiteCRM versions 7.14.4 and 8.6.1 a critical severity vulnerability CVE-2024-36417 was detected. An unverified IFrame could enable a cross-site scripting attack by allowing harmful inputs to be served to users without proper security checks. To address this issue, users should update SuiteCRM to versions 7.14.4 or 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36417/.
Read more CRM