Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Get Started
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Data Management and Analytics

Data Management and Analytics

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • Networking
      • Storage
      • Security
    • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    7 May 2025 Data Management and Analytics
    Kibana: Prototype Pollution via HTTP Requests to ML and Reporting Endpoints

    In Kibana versions 8.3.0 to 8.17.5, 8.18.0 and 9.0.0 a critical severity vulnerability CVE-2025-25014 was detected. This vulnerability allows attackers to achieve arbitrary code execution through prototype pollution by sending crafted HTTP requests to machine learning and reporting endpoints. To address this issue, users should upgrade Kibana to versions 8.17.6, 8.18.1 or 9.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25014.

    Read more
    Data Analytics
    7 May 2025 Data Management and Analytics
    Logstash: Improper Certificate Validation in TCP Output Enables MitM Attacks

    In Logstash versions prior to 8.17.6, 8.18.0 and 9.0.0 a medium severity vulnerability CVE-2025-37730 was detected. This vulnerability allows attackers to perform man-in-the-middle (MitM) attacks in “client” mode due to improper certificate validation – specifically, the lack of hostname verification when `ssl_verification_mode => full` was set in the TCP output configuration. To address this issue, users should upgrade Logstash to versions 8.17.6, 8.18.1 or 9.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-37730.

    Read more
    Data Analytics
    2 May 2025 Data Management and Analytics
    Elasticsearch: Denial of Service via Malicious Mustache Search Templates

    In Elasticsearch versions prior to 7.17.25 and prior to 8.16.0 a medium severity vulnerability CVE-2024-52979 was detected. This vulnerability allows attackers to trigger uncontrolled resource consumption by submitting specially crafted search templates using Mustache functions, potentially leading to a Denial of Service by crashing the Elasticsearch node. To address this issue, users should upgrade Elasticsearch to versions 7.17.25 or 8.16.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52979.

    Read more
    Data Analytics
    2 May 2025 Data Management and Analytics
    Kibana: Unrestricted File Upload Vulnerability Leading to Software Compromise

    In Kibana versions 7.17.0 up to 7.17.18 and 8.0.0 up to 8.12.3 a medium severity vulnerability CVE-2025-25016 was detected. This vulnerability allows authenticated attackers to compromise software integrity by uploading crafted malicious files due to insufficient server-side validation. To address this issue, users should upgrade Kibana to versions 7.17.19 or later and 8.13.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25016.

    Read more
    Data Analytics
    2 May 2025 Data Management and Analytics
    Kibana: Unrestricted File Upload in Synthetics App Enables Stored XSS

    In Kibana versions 7.17.6 up to and including 7.17.23 and 8.4.0 up to and including 8.11.4 a medium severity vulnerability CVE-2024-11390 was detected. This vulnerability allows attackers with access to the Synthetics app or write permissions to synthetics indices to upload crafted HTML and JavaScript files, leading to arbitrary JavaScript execution (XSS) in a victim’s browser. To address this issue, users should upgrade Kibana to versions 7.17.24 or 8.12.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11390.

    Read more
    Data Analytics
    25 Apr 2025 Data Management and Analytics
    Redis: Unauthenticated Clients Can Cause Memory Exhaustion via Unbounded Output Buffers

    In Redis versions 2.6 to 7.4.2 a medium severity vulnerability CVE-2025-21605 was detected. This vulnerability allows unauthenticated clients to trigger unbounded growth of output buffers, leading to memory exhaustion or service crashes, due to Redis not limiting output buffers for unauthenticated clients by default and repeated “NOAUTH” responses filling memory. To address this issue, users should upgrade Redis to versions 7.4.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21605.

    Read more
    Database
    24 Apr 2025 Data Management and Analytics
    Grafana: DOM XSS via Editor-Modified Panel in XY Chart Plugin

    In Grafana XY Chart plugin versions 11.6.0 prior to 11.6.0+security-01, 11.5.0 prior to 11.5.3+security-01, 11.4.0 prior to 11.4.3+security-01, 11.3.0 prior to 11.3.5+security-01 and 11.2.0 prior to 11.2.8+security-01 a medium severity vulnerability CVE-2025-2703 was detected. This DOM-based XSS issue allows a user with Editor permissions to modify a panel and execute arbitrary JavaScript. To address this issue, users should upgrade Grafana XY Chart plugin to versions 1.6.0+security-01, 11.5.3+security-01, 11.4.3+security-01, 11.3.5+security-01 and 11.2.8+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2703.

    Read more
    Data Analytics
    21 Apr 2025 Data Management and Analytics
    MySQL: High Privileged Attackers Can Cause DOS in MySQL Cluster

    In MySQL Cluster versions 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0 a medium severity vulnerability CVE-2025-30710 was detected. This vulnerability allows high-privileged attackers with network access via multiple protocols to compromise MySQL Cluster, potentially causing a hang or repeatable crash (complete DOS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30710.

    Read more
    Database
    21 Apr 2025 Data Management and Analytics
    MySQL: mysqldump Vulnerability Allows Unauthorized Data Access and Modification in MySQL Client

    In Oracle MySQL Client versions 8.0.0 through 8.0.41, 8.4.0 through 8.4.4 and 9.0.0 through 9.2.0 a medium severity vulnerability CVE-2025-30722 was detected in the mysqldump component. This vulnerability allows low-privileged attackers with network access via multiple protocols to gain unauthorized access to critical data or modify data accessible to the MySQL Client. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30722.

    Read more
    Database
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base
    © HOSSTED 2025 All rights reserved
    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy