Database

In MongoDB Compass versions before 1.42.2 a high severity vulnerability CVE-2024-6376 was detected. This vulnerability allows attackers to run unauthorized code on the system by exploiting a weakness in its security settings. To fix this problem, users should upgrade MongoDB Compass to version 1.42.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6376/.

In MongoDB versions prior to 1.27.1 a medium severity vulnerability CVE-2024-6383 was detected. This vulnerability allows attackers to overflow a program’s memory, causing it to malfunction or crash. To fix this problem, users should upgrade the libbson library of MongoDB to version 1.27.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6383.

In libbson MongoDB versions prior to 1.26.2 a medium severity vulnerability CVE-2024-6381 was detected. The bson_strfreev function in the MongoDB C driver might have an integer overflow issue, causing it to free memory incorrectly. The issue is fixed in libbson MongoDB version 1.26.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6381.

In MySQL Server versions 8.0.36 and prior, 8.3.0 and prior a medium severity vulnerability CVE-2024-21159 was detected. This vulnerability allows attackers with high-level access to crash or freeze the MySQL Server, making it unusable. To fix this problem, users should upgrade MySQL Server to version 8.0.38-1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21159.

In MySQL Server versions 8.0.37 and prior, 8.4.0 and prior a medium severity vulnerability CVE-2024-21163 was detected. This vulnerability allows attackers to remotely crash or freeze the server, and potentially modify or delete some of its data. To fix this problem, users should upgrade MySQL Server to versions 8.0.38-1 and 8.4.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21163.

In MongoDB version 7.0.3 a medium severity vulnerability CVE-2024-6375 was detected. This vulnerability allows attackers to affect database performance. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6375/.

In pgAdmin version 8.8 and earlier a high severity vulnerability CVE-2024-6238 was detected. The vulnerability involves installation directory permissions on Debian and RHEL 8 platforms, allowing attackers to gain unauthorized access. To fix this issue, users should update to version 8.9 to fix this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6238.

In MongoDB Server versions before 7.0.6, 6.0.14, and 5.0.25 a high severity vulnerability CVE-2024-3372 was detected. Improper metadata validation can cause MongoDB Server to incorrectly serialize BSON, resulting in unexpected behavior and serverStatus response issues. To address this issue, users should upgrade MongoDB to version 5.0.25, 6.0.14, 7.0.6, 7.2.1 or higher For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-3372.

In NocoDB version starting from 0.202.6 and prior to version 0.202.10 a medium severity vulnerability CVE-2023-50717 was detected. Attackers can upload harmful HTML files, causing a cross-site scripting attack when opened in a browser. This allowed attackers to run JavaScript in the user’s context, possibly performing actions or stealing information. To fix this issue, users should upgrade to version 0.202.10. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-50717.