In Mattermost versions from 9.5.x before 9.5.3, from 9.6.x before 9.6.1 and from 8.1.x before 8.1.12 a medium severity vulnerability, CVE-2024-32045, was detected. The problem is due to inadequate access controls, allowing users to link playbook runs to private channels they shouldn't be able to access. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-32045.
Category: Communication

In Apache Superset versions before 3.0.3 a medium severity vulnerability, CVE-2023-49657, was detected. Attackers with permission to create or update charts or dashboards can insert harmful scripts or HTML snippets, enabling them to carry out cross-site scripting attacks. To enhance security in 2.X versions, users need to update their configuration settings. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-49657/.
Category: Data Analytics

In Apache Airflow versions before 2.8.2 vulnerability CVE-2024-26280 was detected. This issue allows certain users to see audit logs they shouldn't. Starting from version 2.8.2, only admin users can view audit logs by default; others need explicit permission. It is advised to upgrade to version 2.8.2 or later to fix this problem. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-26280/.
Category: Data Analytics

In Mattermost versions from 9.5.0 through 9.5.3, 9.6.0, 9.6.1 and from 8.1.0 through 8.1.12 a medium severity vulnerability, CVE-2024-34152, was detected. It allows a guest to view the details of a public playbook by making a specific server request. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34152/.
Category: Communication

In Moodle versions from 4.3 to 4.3.3 a medium severity vulnerability, CVE-2024-34009, was detected. ReCAPTCHA on the login page can be bypassed due to insufficient validation checks, although this issue does not affect other pages. To fix this issue, users should upgrade Moodle to version 4.3.4 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34009/.
Category: Educational

In Nginx versions from 1.25.0 before 1.26.1 a medium severity vulnerability, CVE-2024-35200, was detected. This issue affects NGINX Plus and NGINX OSS when the HTTP/3 module is in use. Attackers can cause a denial of service (DoS) by stopping NGINX worker processes. Only the data plane is affected, not the control plane. Affected organizations should fix this problem immediately to reduce the risk. For additional details, visit https://avd.aquasec.com/nvd/2024/cve-2024-35200.
Category: Application Development

In Apache Airflow versions 2.8.0 through 2.8.2 a high severity vulnerability, CVE-2024-28746, was detected. It allows an authenticated user with limited permissions to access resources such as variables, connections, etc., from the UI which they do not have permission to access. Users are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-28746/.
Category: Data Analytics

In Graphite a critical severity vulnerability, CVE-2023-34308, was detected. It enables remote code execution when users engage with harmful files or web pages. The software lacks proper checks on files such as projects and source code, causing a buffer overflow. For additional details, visit https://avd.aquasec.com/nvd/2023/cve-2023-34308.
Category: Data Analytics

In OpenShift a critical security vulnerability, CVE-2024-5037, was detected. This vulnerability allows attackers to use a forged token to bypass authentication. There is no fix available for this. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5037/.
Category: Developer Tools