In Kibana versions from 8.6.3 through 8.13.4 a medium severity vulnerability CVE-2024-37279 was detected. The vulnerability allows users who only have permission to view alerting features to improperly use the run_soon API. This could lead to alerting rules with complex queries running continuously, which can slow down the system. To address this issue, users should upgrade to version 8.14.0 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37279.
Read more Data Analytics
In Elasticsearch a medium severity vulnerability CVE-2024-37280 was detected. This vulnerability allows attackers to cause a Denial of Service of the platform. There is no solution for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37280/.
Read more Data Analytics
In NocoDB version starting from 0.202.6 and prior to version 0.202.10 a medium severity vulnerability CVE-2023-50717 was detected. Attackers can upload harmful HTML files, causing a cross-site scripting attack when opened in a browser. This allowed attackers to run JavaScript in the user’s context, possibly performing actions or stealing information. To fix this issue, users should upgrade to version 0.202.10. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-50717.
Read more Database
In MongoDB Server versions 5.0.x up to 5.0.16 and 6.0.x up to 6.0.5 a medium severity vulnerability CVE-2024-3374 was detected. This vulnerability lets unauthorized users crash the server by creating a large BSON object during diagnostic metrics generation. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-3374.
Read more Database
In NocoDB versions 0.202.9 and prior a medium severity vulnerability CVE-2023-50718 was detected. This vulnerability allows attackers with created access to attack the database. To address this issue, users need to update to version 0.202.10. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-50718/.
Read more Database
In MySQL Cluster versions 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior a low severity vulnerability CVE-2024-21101 was detected. High-privileged attackers with network access can exploit this vulnerability to read some data in the MySQL Cluster without authorization. Currently, there is no fix version for this vulnerability. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21101/.
Read more Database
In the MySQL Server product of Oracle MySQL in versions 8.0.34 and prior a medium severity vulnerability CVE-2024-21053 was detected. It allows high-privileged attackers with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in the unauthorized ability to cause a hang or crash of MySQL Server. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21053/.
Read more Database
In ‘bson’ module of MongoDB version 4.6.2 a medium severity vulnerability CVE-2024-5629 was detected. This vulnerability allows attackers to have an access to the application memory. There are no solutions for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5629/.
Read more Database
In Apache Superset versions before 3.0.3 a medium severity vulnerability CVE-2023-49657 was detected. Attackers with permission to create or update charts or dashboards can insert harmful scripts or HTML snippets, enabling them to execute cross-site scripting attacks. To enhance security in 2.X versions, users need to update their configuration settings. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-49657/.
Read more Data Analytics