in Apache Zeppelin versions from 0.8.2 before 0.11.1 a medium severity vulnerability CVE-2024-31865 was detected. Attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. Users are recommended to upgrade to version 0.11.1, which fixes the issue. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31865/.
Read more Graphic Design
Improper Control of Code Generation (‘Code Injection’) vulnerability CVE-2024-31864 was detected in all versions of Apache Zeppelin before 0.11.1. This vulnerability allows attackers to inject sensitive configuration or malicious code when connecting MySQL database via Java Database Connectivity driver. The issue is resolved in version 0.11.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31864/.
Read more Graphic Design
In GitLab CE/EE all versions starting from 16.9 before 16.9.4, and from 16.10 before 16.10.2 a high severity vulnerability CVE-2024-3092 was detected. This issue allows attackers to do things on someone else’s behalf by injecting a harmful code. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-3092/.
Read more Developer Tools
In Apache Zeppelin versions from 0.10.1 before 0.11.0 an Improper Input Validation vulnerability CVE-2024-31862 was detected, particularly when creating a new note through Zeppelin’s user interface. The issue is fixed in version 0.11.0. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31862.
Read more Graphic Design
In Ghost through 5.76.0 version a low severity vulnerability CVE-2024-23724 was detected. Due to this vulnerability, someone could use a special image to run harmful code, potentially taking control of any account. Currently, there is no fix version for this issue. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-23724/.
Read more CMS
In Apache Zeppelin versions from 0.10.1 before 0.11.1 a medium severity vulnerability CVE-2024-31861 was detected. It allows attackers to inject malicious code through the Shell interpreter, potentially leading to the unauthorized execution of commands. Users are recommended to upgrade to version 0.11.1, which doesn’t have Shell interpreter by default. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31861.
Read more Graphic Design
In FreeIPA a medium severity vulnerability CVE-2024-1481 was detected. This issue may cause some failures in authentication processes, but it does not allow anyone to access sensitive data or damage the integrity of the system. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-1481.
Read more Security
In Apache Zeppelin versions from 0.9.0 before 0.11.0 a low severity vulnerability CVE-2024-31860 was detected. Due to the issue, attackers can gain access to files on the server by using symbols that show the file’s location to other files. It’s recommended to upgrade to version 0.11.0 to fix the vulnerability. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31860.
Read more Graphic Design
In HTTP/1.1 client for Node.js (Undici), a low severity vulnerability CVE-2024-30261 was detected. This vulnerability allows attackers to change a setting to make their fake requests look real, allowing them to sneak in harmful alterations undetected. However, there’s no confidentiality or availability impact. The issue is fixed in versions 5.28.4 and 6.11.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-30261.
Read more Application Development