Database

In MySQL version 8.4.0 and prior a medium severity vulnerability CVE-2024-21170 was detected. This vulnerability allows attackers to gain unauthorized access to and modify data in MySQL Connectors, potentially causing disruptions and partial service outages. To fix this problem, users should upgrade MySQL to version 8.4.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21170.

In MySQL versions 8.0.37 and earlier, 8.4.0 and earlier a medium severity vulnerability CVE-2024-21177 was detected. This vulnerability allows attackers to repeatedly crash MySQL Server, resulting in a total service outage. To fix this problem, users should upgrade MySQL to versions 8.0.38 and later, 8.4.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21177.

In Couchbase Server versions before 7.2.5 and 7.6.0 before 7.6.1 a low severity vulnerability CVE-2024-37034 was detected. This vulnerability allows attackers to intercept and potentially steal sensitive information because the credentials are not properly secured. To fix this problem, users should upgrade Couchbase Server to versions 7.2.5 and 7.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37034.

In MongoDB Rust Driver 2.0 versions prior to 2.8.2 a medium severity vulnerability CVE-2024-6382 was detected. Incorrect handling of some string inputs in the MongoDB Rust driver can create unintended server commands, leading to unexpected behavior or data modification. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6382.

In PostgreSQL in REFRESH MATERIALIZED VIEW CONCURRENTLY command versions before 16.2, 15.6, 14.11, 13.14, and 12.18 a high severity vulnerability CVE-2024-0985 was detected. This command should safely refresh views, but due to a flaw, the view creator can trick a superuser or someone with higher privileges into running harmful functions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-0985.

In MySQL Server versions 8.0.37 and prior, and 8.4.0 and prior a medium severity vulnerability CVE-2024-20996 was detected. A high-privileged attacker with network access can exploit this vulnerability to compromise MySQL Server, causing it to hang or crash repeatedly. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-20996.

In MySQL Server versions prior to 8.0.37 and prior to 8.4.0 a medium severity vulnerability CVE-2024-21179 was detected. This vulnerability allows attackers with network access to cause a hang or crash, leading to a denial of service (DoS). To fix this problem, users should upgrade MySQL Server to versions 8.0.37 and 8.4.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21179.

In MongoDB Compass versions before 1.42.2 a high severity vulnerability CVE-2024-6376 was detected. This vulnerability allows attackers to run unauthorized code on the system by exploiting a weakness in its security settings. To fix this problem, users should upgrade MongoDB Compass to version 1.42.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6376/.

In MongoDB versions prior to 1.27.1 a medium severity vulnerability CVE-2024-6383 was detected. This vulnerability allows attackers to overflow a program’s memory, causing it to malfunction or crash. To fix this problem, users should upgrade the libbson library of MongoDB to version 1.27.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6383.