In Elasticsearch versions 7.0.0 to 7.17.18 and 8.0.0 to 8.12.0 a medium severity vulnerability CVE-2024-23444 was detected. This vulnerability allows attackers to potentially access the unprotected private key stored on the computer, posing a security risk. To fix this problem, users should upgrade Elasticsearch to versions 7.17.19 and 8.13.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23444.
In MySQL version 8.4.0 and prior a medium severity vulnerability CVE-2024-21170 was detected. This vulnerability allows attackers to gain unauthorized access to and modify data in MySQL Connectors, potentially causing disruptions and partial service outages. To fix this problem, users should upgrade MySQL to version 8.4.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21170.
In MySQL versions 8.0.37 and earlier, 8.4.0 and earlier a medium severity vulnerability CVE-2024-21177 was detected. This vulnerability allows attackers to repeatedly crash MySQL Server, resulting in a total service outage. To fix this problem, users should upgrade MySQL to versions 8.0.38 and later, 8.4.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21177.
Read more Database
In Kibana versions before 8.11.2 a medium severity vulnerability CVE-2024-37281 was detected. This vulnerability allows attackers to crash a Kibana instance by sending too many harmful requests. To fix this problem, users should upgrade Kibana to version 8.11.2 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37281.
Read more Data Analytics
In Elasticsearch versions 7.0.0 prior to 7.17.16 and 8.0.0 prior to 8.11.2 a medium severity vulnerability CVE-2023-49921 was detected. This allows attackers to access and view sensitive information stored in Elasticsearch through the detailed log files. To fix this problem, users should upgrade Elasticsearch to versions 7.17.16, and 8.11.2. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-49921.
Read more Data Analytics
In Couchbase Server versions before 7.2.5 and 7.6.0 before 7.6.1 a low severity vulnerability CVE-2024-37034 was detected. This vulnerability allows attackers to intercept and potentially steal sensitive information because the credentials are not properly secured. To fix this problem, users should upgrade Couchbase Server to versions 7.2.5 and 7.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37034.
Read more Database
In MongoDB Rust Driver 2.0 versions prior to 2.8.2 a medium severity vulnerability CVE-2024-6382 was detected. Incorrect handling of some string inputs in the MongoDB Rust driver can create unintended server commands, leading to unexpected behavior or data modification. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6382.
Read more Database
In PostgreSQL in REFRESH MATERIALIZED VIEW CONCURRENTLY command versions before 16.2, 15.6, 14.11, 13.14, and 12.18 a high severity vulnerability CVE-2024-0985 was detected. This command should safely refresh views, but due to a flaw, the view creator can trick a superuser or someone with higher privileges into running harmful functions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-0985.
Read more Database
In MySQL Server versions 8.0.37 and prior, and 8.4.0 and prior a medium severity vulnerability CVE-2024-20996 was detected. A high-privileged attacker with network access can exploit this vulnerability to compromise MySQL Server, causing it to hang or crash repeatedly. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-20996.
Read more Database