In MySQL Server versions prior to 8.0.37 and prior to 8.4.0 a medium severity vulnerability CVE-2024-21179 was detected. This vulnerability allows attackers with network access to cause a hang or crash, leading to a denial of service (DoS). To fix this problem, users should upgrade MySQL Server to versions 8.0.37 and 8.4.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21179.
Read more Database
In libbson MongoDB versions prior to 1.26.2 a medium severity vulnerability CVE-2024-6381 was detected. The bson_strfreev function in the MongoDB C driver might have an integer overflow issue, causing it to free memory incorrectly. The issue is fixed in libbson MongoDB version 1.26.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6381.
Read more Database
In Apache NiFi versions 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 a medium severity vulnerability CVE-2024-37389 was detected. This vulnerability allows attackers to exploit a security flaw that can lead to remote code execution, data exposure and system compromise. To fix this problem, users should upgrade Apache NiFi to versions 1.27.0 or 2.0.0-M4. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37389.
Read more Data Analytics
In MongoDB Compass versions before 1.42.2 a high severity vulnerability CVE-2024-6376 was detected. This vulnerability allows attackers to run unauthorized code on the system by exploiting a weakness in its security settings. To fix this problem, users should upgrade MongoDB Compass to version 1.42.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6376/.
Read more Database
In MongoDB versions prior to 1.27.1 a medium severity vulnerability CVE-2024-6383 was detected. This vulnerability allows attackers to overflow a program’s memory, causing it to malfunction or crash. To fix this problem, users should upgrade the libbson library of MongoDB to version 1.27.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6383.
Read more Database
In MySQL Server versions 8.0.36 and prior, 8.3.0 and prior a medium severity vulnerability CVE-2024-21159 was detected. This vulnerability allows attackers with high-level access to crash or freeze the MySQL Server, making it unusable. To fix this problem, users should upgrade MySQL Server to version 8.0.38-1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21159.
Read more Database
In MySQL Server versions 8.0.37 and prior, 8.4.0 and prior a medium severity vulnerability CVE-2024-21163 was detected. This vulnerability allows attackers to remotely crash or freeze the server, and potentially modify or delete some of its data. To fix this problem, users should upgrade MySQL Server to versions 8.0.38-1 and 8.4.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21163.
Read more Database
In JupyterLab extension template (copier) a high severity security vulnerability CVE-2024-39700 was detected. This vulnerability allows attackers to perform Remote Code Execution (RCE) via the `update-integration-tests.yml` workflow included in repositories created with the `test` option. To address this issue, users should upgrade the template to version 4.3.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39700.
Read more Machine Learning
In Airflow versions 2.4.0 and before 2.9.3 a low severity vulnerability CVE-2024-39877 was detected. This vulnerability allows attackers to execute arbitrary code in the scheduler context. To address this issue, users must upgrade to the version 2.9.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39877.
Read more Data Analytics