In MySQL Server versions 8.0.37 and prior, 8.4.0 and prior a medium severity vulnerability CVE-2024-21163 was detected. This vulnerability allows attackers to remotely crash or freeze the server, and potentially modify or delete some of its data. To fix this problem, users should upgrade MySQL Server to versions 8.0.38-1 and 8.4.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21163.
Read more Database
In MySQL Server versions 8.0.36 and prior, 8.3.0 and prior a medium severity vulnerability CVE-2024-21159 was detected. This vulnerability allows attackers with high-level access to crash or freeze the MySQL Server, making it unusable. To fix this problem, users should upgrade MySQL Server to version 8.0.38-1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21159.
Read more Database
In JupyterLab extension template (copier) a high severity security vulnerability CVE-2024-39700 was detected. This vulnerability allows attackers to perform Remote Code Execution (RCE) via the `update-integration-tests.yml` workflow included in repositories created with the `test` option. To address this issue, users should upgrade the template to version 4.3.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39700.
Read more Machine Learning
In Airflow versions 2.4.0 and before 2.9.3 a low severity vulnerability CVE-2024-39877 was detected. This vulnerability allows attackers to execute arbitrary code in the scheduler context. To address this issue, users must upgrade to the version 2.9.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39877.
Read more Data Analytics
In Apache Airflow version before 2.9.3 a medium severity vulnerability CVE-2024-39863 was detected. This vulnerability allows an authenticated attacker to inject a malicious link when installing a provider. To fix this problem, users should upgrade Apache Airflow to version 2.9.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39863.
Read more Data Analytics
In Superset version 4.0.1 a medium severity vulnerability CVE-2024-39887 was detected. This vulnerability allows attackers to bypass Apache Superset’s SQL authorization. To address this issue, users must update version 4.0.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39887/.
Read more Data Analytics
In the OpenSearch Dashboards Reporting plugin a medium severity vulnerability CVE-2024-39900 was detected. A ‘Report Owner’ can export and share reports from OpenSearch Dashboards, potentially accessing private tenant resources like notebooks. The system didn’t verify if the user was the resource author, leading to possible unauthorized data exposure. This issue is fixed in OpenSearch version 2.14. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39900.
Read more Data Analytics
In Airbyte versions till 0.62.2 a high severity vulnerability CVE-2024-38363 was detected. This vulnerability allows attackers to execute arbitrary code on the server as the web server user. To address this issue, users must update to version 0.62.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38363/.
Read more Data Analytics
In the OpenSearch observability plugins a medium severity vulnerability CVE-2024-39901 was detected. This vulnerability lets unauthorized users access private tenant resources, like notebooks. The system didn’t check if the user was the resource author, potentially exposing sensitive data. This issue has been fixed in OpenSearch version 2.14. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39901.
Read more Data Analytics