In PostgreSQL versions before 16.4, 15.8, 14.13, 13.16, 12.20 a high severity vulnerability CVE-2024-7348 was detected. This vulnerability allows attackers to execute SQL functions as a superuser by exploiting a race condition, swapping an object with a view or foreign table during the backup process. To fix this problem, users should upgrade to version 16.4.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7348.
Read more Database
In MySQL Server product of Oracle MySQL versions 8.0.38, 8.4.1, 9.0.0 a medium severity vulnerability CVE-2024-21185 was detected. This vulnerability lets high-privileged attackers cause MySQL Server to crash or hang, leading to a denial of service. At the moment, there is no version where this vulnerability has been fixed. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-21185.
Read more Database
In MySQL Server versions 8.4.0 and prior a medium severity vulnerability CVE-2024-21176 was detected. This vulnerability allows attackers with low privileges and network access via multiple protocols to cause a hang or repeatedly crash the MySQL Server, resulting in a complete denial of service. To fix this issue users must upgrade to a 8.4.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-21176.
Read more Database
In MongoDB Server versions from 6.0 to 6.0.3 a medium severity vulnerability CVE-2024-8654 was detected. This vulnerability allows attackers to exploit uninitialized memory in MongoDB, potentially causing the server to behave unexpectedly or crash. To fix this problem, users should upgrade MongoDB Server to version 6.0.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8654.
Read more Database
In Apache Airflow versions 2.10.0 a low severity vulnerability CVE-2024-45498 was detected. This vulnerability allows attackers to create a fake login page and deceive users into authenticating with attacker-controlled credentials due to the absence of a unique token in the authentication POST request. To fix this problem, users should upgrade to version 2.10.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45498.
Read more Data Analytics
In Apache Airflow versions before 2.10.1 a high severity vulnerability CVE-2024-45034 was detected. This vulnerability allows DAG authors to add local settings to the DAG folder, which can be executed by the scheduler, bypassing its intended restrictions. To fix this problem, users should upgrade to version 2.10.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45034.
Read more Data Analytics
In Lightdash version 0.1024.6 a high severity vulnerability (CVE-2024-6585) was detected. This vulnerability allows attackers to inject malicious code into a website, potentially stealing user data or performing harmful actions in their browsers. To fix this problem, users should upgrade Lightdash to version 0.1042.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6585.
Read more Data Analytics
In Grafana versions 1.1.37 to 1.5.1 a critical severity vulnerability CVE-2024-5526 was detected. This vulnerability involves unsanitized inputs in the webhook functionality that can be exploited, allowing attackers to perform a Server Side Request Forgery attack. To fix this problem, users should upgrade Grafana OnCall to version 1.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-5526.
Read more Data Analytics
In Lightdash version 0.1024.6 a high severity vulnerability CVE-2024-6586 has been detected. This vulnerability allows users with the necessary permissions to create and share dashboards containing HTML elements that can point to a threat actor-controlled source, which may trigger an SSRF request when exported via a POST request to /api/v1/dashboards//export. To fix this issue, users should upgrade to Lightdash version 0.1027.2. For more details, please visit the https://nvd.nist.gov/vuln/detail/CVE-2024-6586.