CVE-2024-37294

MEDIUM Year: 2024
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-270
View all →

Vulnerability Description

Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to receive a patch.

Related Vulnerabilities

CVE-2024-47173

MEDIUM
CVSS:5.5(Medium)

Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attac...

CWE-2702024

CVE-2020-1719

MEDIUM
CVSS:5.4(Medium)

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentia...

CWE-2702020

CVE-2024-51987

MEDIUM
CVSS:5.4(Medium)

Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by `AddUserAccessTokenHttpClient` may use a different use...

CWE-2702024

CVE-2020-7019

MEDIUM
CVSS:6.5(Medium)

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recentl...

CWE-2702020

CVE-2024-12570

MEDIUM
CVSS:6.7(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attac...

CWE-2702024

CVE-2023-25754

CRITICAL
CVSS:9.8(Critical)

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.

CWE-2702023