Newsflash Archives - Page 277 of 289 - Proactive Insights and Support For Open-Source Applications

All OSSpedia Articles How To Newsflash Case Studies

16 Jun 2024 Infrastructure and Network

WooCommerce: The vulnerability allows attackers to include local PHP files by using recent purchases

In WooCommerce a medium severity vulnerability CVE-2024-35634 was detected. This vulnerability allows attackers to include local PHP files by using recent purchases. There is no solution to this yet. For more details, visit https://www.cvedetails.com/cve/CVE-2024-35634/.

Read more Security

16 Jun 2024 Business and Enterprise Solutions

Vault: The vulnerability allows attackers to log in to the system with the wrong credentials

In Vault a low severity vulnerability CVE-2024-5798 was detected. This vulnerability allows attackers to log in to the system with the wrong credentials. To address this issue, users need to update to Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9. For more details, visit https://www.cvedetails.com/cve/CVE-2024-5798/.

Read more E-commerce

15 Jun 2024 Data Management and Analytics

MongoDB: Fatal Assertion Vulnerability

In MongoDB Server versions 5.0.x up to 5.0.16 and 6.0.x up to 6.0.5 a medium severity vulnerability CVE-2024-3374 was detected. This vulnerability lets unauthorized users crash the server by creating a large BSON object during diagnostic metrics generation. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-3374.

Read more Database

15 Jun 2024 DevOps

Harbor: Vulnerability allows attackers to leak the task IDs

In Harbor low severity vulnerability CVE-2024-22261 was detected. This vulnerability allows attackers to leak the task IDs. There is no solution to it yet. For more details, visit Read more Developer Tools

15 Jun 2024 Data Management and Analytics

NocoDB: Vulnerability allows attackers with created access to attack the database.

In NocoDB versions 0.202.9 and prior a medium severity vulnerability CVE-2023-50718 was detected. This vulnerability allows attackers with created access to attack the database. To address this issue, users need to update to version 0.202.10. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-50718/.

Read more Database

15 Jun 2024 DevOps

Sonatype Nexus: Flaw Allows Unauthorized File Access Outside Secure Directory

In Sonatype Nexus Repository versions from 3.0 to 3.68.0 a high severity vulnerability CVE-2024-4956 was detected. This flaw allows attackers to manipulate file paths, accessing files outside the restricted directory. The issue is fixed in version 3.68.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-4956/.

Read more Developer Tools

15 Jun 2024 DevOps

OpenStack: Platform Director Vulnerability Exposes Passwords in Log Files

In OpenStack Platform a medium severity vulnerability CVE-2024-4840 was detected. This flaw could expose sensitive information by storing plaintext passwords in log files. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-4840/.

Read more Cloud Computing

14 Jun 2024 DevOps

GitLab: Vulnerability allows attackers to create a DoS attack

In GitLab versions from 13.2.4 to 17.0 a medium severity vulnerability CVE-2024-1947 was detected. This vulnerability allows attackers to create a DoS attack. There is no solution to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-1947/.

Read more Developer Tools

14 Jun 2024 DevOps

GitLab: Vulnerability allows attackers to bypass authorization

In GitLab versions 13.2.4 to 17.0 a medium severity vulnerability CVE-2024-5258 was detected. This vulnerability allows attackers to bypass authorization. There is no solution to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5258/.

Read more Developer Tools