Database

In MongoDB Server versions 5.0 prior to 5.0.14 and 6.0 prior to 6.0.3 a medium severity vulnerability CVE-2024-8207 was detected. This vulnerability allows attackers with access to the server to take control of the MongoDB process by loading malicious files when it starts. To fix this problem, users should upgrade MongoDB Server to versions 6.1.1, 5.0.14, and 6.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8207.

In MongoDB Enterprise Server versions 6.0 to 6.0.16, 7.0 to 7.0.11, and 7.3 to 7.3.3 a medium severity vulnerability CVE-2024-6384 was detected. This vulnerability allows unauthorized access to potentially sensitive data stored in those backups.To fix this issue, users must upgrade to version 8.14.2 or 7.17.23 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6384.

In MongoDB Server versions 5.0 to 5.0.27, 6.0 to 6.0.16, 7.0 to 7.0.12, 7.3 to 7.3.3, MongoDB C Driver versions to 1.26.2, and MongoDB PHP Driver versions to 1.18.1 a high severity vulnerability CVE-2024-7553 was detected. This vulnerability allows local privilege escalation on Windows by improperly validating files from untrusted directories. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7553.

In MySQL version 8.4.0 and prior a medium severity vulnerability CVE-2024-21170 was detected. This vulnerability allows attackers to gain unauthorized access to and modify data in MySQL Connectors, potentially causing disruptions and partial service outages. To fix this problem, users should upgrade MySQL to version 8.4.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21170.

In MySQL versions 8.0.37 and earlier, 8.4.0 and earlier a medium severity vulnerability CVE-2024-21177 was detected. This vulnerability allows attackers to repeatedly crash MySQL Server, resulting in a total service outage. To fix this problem, users should upgrade MySQL to versions 8.0.38 and later, 8.4.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21177.

In Couchbase Server versions before 7.2.5 and 7.6.0 before 7.6.1 a low severity vulnerability CVE-2024-37034 was detected. This vulnerability allows attackers to intercept and potentially steal sensitive information because the credentials are not properly secured. To fix this problem, users should upgrade Couchbase Server to versions 7.2.5 and 7.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37034.

In MongoDB Rust Driver 2.0 versions prior to 2.8.2 a medium severity vulnerability CVE-2024-6382 was detected. Incorrect handling of some string inputs in the MongoDB Rust driver can create unintended server commands, leading to unexpected behavior or data modification. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6382.

In PostgreSQL in REFRESH MATERIALIZED VIEW CONCURRENTLY command versions before 16.2, 15.6, 14.11, 13.14, and 12.18 a high severity vulnerability CVE-2024-0985 was detected. This command should safely refresh views, but due to a flaw, the view creator can trick a superuser or someone with higher privileges into running harmful functions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-0985.

In MySQL Server versions 8.0.37 and prior, and 8.4.0 and prior a medium severity vulnerability CVE-2024-20996 was detected. A high-privileged attacker with network access can exploit this vulnerability to compromise MySQL Server, causing it to hang or crash repeatedly. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-20996.