In pgAdmin versions before 8.4 a critical severity vulnerability CVE-2024-2044 was detected. Unauthenticated attackers can execute code by loading and deserializing remote pickle objects on Windows servers, while authenticated attackers on POSIX/Linux servers can upload and deserialize pickle objects to gain code execution. The issue is fixed in versions 8.4 or higher. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2044/.
Read more Database
In pgAdmin version 8.4 and earlier a high severity vulnerability CVE-2024-3116 was detected. It allows attackers to run harmful code on the server, endangering the integrity of the database system and the safety of your data. To address this issue, users are advised to update pgAdmin to version 8.5 or later. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-3116/.
Read more Database
In Apache Kafka versions from 3.5.0 through 3.5.2, from 3.6.0 through 3.6.1 a critical vulnerability CVE-2024-27309 was detected. During the migration from ZooKeeper mode to KRaft mode in Apache Kafka, Access Control Lists (ACLs) may not be properly enforced, allowing attackers to bypass access restrictions. The issue is resolved in Apache Kafka versions 3.7.0 and 3.6.2. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-27309/.
Read more Data Analytics
In Elasticsearch versions 8.10.0 and before 8.13.0 a medium security vulnerability CVE-2024-23451 was detected. This vulnerability affects the API key-based security model for Remote Cluster Security 20. This allows a malicious user with a valid API key to read arbitrary documents from any index on a remote cluster. The issue is resolved in Elasticsearch version 8.13.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23451.
Read more Data Analytics
In Apache Airflow package versions 2.8.2 to 2.8.4 a medium security vulnerability CVE-2024-29735 was detected. This vulnerability causes permission issues. The issue is resolved in Apache Airflow versions 2.8.4 or newer. A workaround is to avoid using the root user, upgrade to a newer version, or adjust permissions in the Airflow config file. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-29735.
Read more Data Analytics
Critical Directus vulnerability in password reset processes, potentially allowing attackers to redirect reset emails. Stemming from MySQL and MariaDB’s handling of email character variations, this flaw posed a serious security risk. Fortunately, Directus’s quick fix in version 10.8.3 underlines the importance of system updates for security. This incident stresses the need for IT professionals to maintain vigilance, update regularly, and foster a culture of security awareness to protect against evolving cyber threats.
Read more Database
Critical security alert for Apache Airflow versions 2.8.2 to 2.8.3: flawed log directory permissions expose systems to potential compromise. Primarily impacting root-run setups, this issue could endanger the entire filesystem. Remedies include operating as a non-root user, upgrading to version 2.8.4 or later, tightening folder permissions, and conducting thorough access reviews. Prompt measures and adherence to security best practices are vital for safeguarding Airflow environments.
Read more Data Analytics