In Kibana versions before 8.11.2 a medium severity vulnerability CVE-2024-37281 was detected. This vulnerability allows attackers to crash a Kibana instance by sending too many harmful requests. To fix this problem, users should upgrade Kibana to version 8.11.2 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37281.
Read more Data Analytics
In Elasticsearch versions 7.0.0 prior to 7.17.16 and 8.0.0 prior to 8.11.2 a medium severity vulnerability CVE-2023-49921 was detected. This allows attackers to access and view sensitive information stored in Elasticsearch through the detailed log files. To fix this problem, users should upgrade Elasticsearch to versions 7.17.16, and 8.11.2. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-49921.
Read more Data Analytics
In Couchbase Server versions before 7.2.5 and 7.6.0 before 7.6.1 a low severity vulnerability CVE-2024-37034 was detected. This vulnerability allows attackers to intercept and potentially steal sensitive information because the credentials are not properly secured. To fix this problem, users should upgrade Couchbase Server to versions 7.2.5 and 7.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37034.
Read more Database
In MongoDB Rust Driver 2.0 versions prior to 2.8.2 a medium severity vulnerability CVE-2024-6382 was detected. Incorrect handling of some string inputs in the MongoDB Rust driver can create unintended server commands, leading to unexpected behavior or data modification. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6382.
Read more Database
In PostgreSQL in REFRESH MATERIALIZED VIEW CONCURRENTLY command versions before 16.2, 15.6, 14.11, 13.14, and 12.18 a high severity vulnerability CVE-2024-0985 was detected. This command should safely refresh views, but due to a flaw, the view creator can trick a superuser or someone with higher privileges into running harmful functions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-0985.
Read more Database
In MySQL Server versions 8.0.37 and prior, and 8.4.0 and prior a medium severity vulnerability CVE-2024-20996 was detected. A high-privileged attacker with network access can exploit this vulnerability to compromise MySQL Server, causing it to hang or crash repeatedly. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-20996.
Read more Database
In MySQL Server versions prior to 8.0.37 and prior to 8.4.0 a medium severity vulnerability CVE-2024-21179 was detected. This vulnerability allows attackers with network access to cause a hang or crash, leading to a denial of service (DoS). To fix this problem, users should upgrade MySQL Server to versions 8.0.37 and 8.4.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21179.
Read more Database
In Apache NiFi versions 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 a medium severity vulnerability CVE-2024-37389 was detected. This vulnerability allows attackers to exploit a security flaw that can lead to remote code execution, data exposure and system compromise. To fix this problem, users should upgrade Apache NiFi to versions 1.27.0 or 2.0.0-M4. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37389.
Read more Data Analytics
In MongoDB Compass versions before 1.42.2 a high severity vulnerability CVE-2024-6376 was detected. This vulnerability allows attackers to run unauthorized code on the system by exploiting a weakness in its security settings. To fix this problem, users should upgrade MongoDB Compass to version 1.42.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6376/.
Read more Database