Data Management and Analytics

In MySQL Server versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21522 was detected. This vulnerability allows a low-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the system, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21522.

In Elasticsearch versions up to 7.17.21 and up to 8.13.3 a medium severity vulnerability CVE-2024-43709 was detected. This vulnerability allows attackers to cause an OutOfMemoryError exception and crash the system by executing a specially crafted query using an SQL function. To address this issue, users should upgrade Elasticsearch to version 7.17.21 or 8.13.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43709.

In Kibana versions up to 7.17.23 and up to 8.14.2 a medium severity vulnerability CVE-2024-52973 was detected. This vulnerability allows users with read access to the Observability-Logs feature to crash the system by sending a specially crafted request to `/api/log_entries/summary`, due to a lack of resource limits or throttling. To address this issue, users should upgrade Kibana to version 7.17.23 or 8.14.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52973.

In PostgreSQL versions before 17.3, 16.7, 15.11, 14.16 and 13.19 a high severity vulnerability CVE-2025-1094 was detected. This vulnerability allows attackers to exploit improper quoting in libpq functions and PostgreSQL command-line utilities, potentially leading to SQL injection in specific usage scenarios. To address this issue, users should upgrade to PostgreSQL 17.3, 16.7, 15.11, 14.16 or 13.19. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1094.

In the RediSearch module that provides querying, secondary indexing, and full-text search for Redis versions 2.6.24, 2.8.21, 2.10.10 a high severity vulnerability CVE-2024-51737 was detected. This vulnerability allows attackers to trigger a buffer overflow by using specially crafted arguments in the FT.SEARCH or FT.AGGREGATE commands, potentially leading to remote code execution. To fix this issue, users should upgrade the RediSearch module for Redis to versions 2.6.24, 2.8.21, and 2.10.10. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-51737.

In PostgreSQL versions before 17.1, 16.5, 15.9, 14.14, 13.17 and 12.21 a high severity vulnerability CVE-2024-10979 was detected. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH). This often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. To address this issue, users should upgrade PostgreSQL to versions 17.1, 16.5, 15.9, 14.14, 13.17 or 12.21. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10979.

In Redis versions from 7.0.0 to prior to 7.2.7 and from 7.4.0 to prior to 7.4.2 a medium severity vulnerability CVE-2024-51741 was detected. This vulnerability allows an authenticated user with sufficient privileges to create a malformed ACL selector, which, when accessed, triggers a server panic and subsequent denial of service. To address this issue, users should upgrade to Redis version 7.2.7 or 7.4.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-51741.

In Redis versions before 7.4.2, 7.2.7 and 6.2.17 a high severity vulnerability CVE-2024-46981 was detected. This vulnerability allows authenticated users to execute remote code by using a specially crafted Lua script to manipulate the garbage collector. To address this issue, users must upgrade to Redis version 7.4.2, 7.2.7 or 6.2.17. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-46981.