In Apache Superset versions 4.0.0 and 3.1.2 a medium severity vulnerability CVE-2024-34693 was detected. This vulnerability allows attackers to get access to the database. To address this issue, users must upgrade to version 4.0.1 or 3.1.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34693/.
Read more Data Analytics
In Kibana versions prior to 7.17.22 and prior to 8.14.0 a medium severity vulnerability CVE-2024-23443 was detected. This vulnerability allows attackers to upload a maliciously crafted osquery pack. To address this issue, users should upgrade Kibana to version 7.17.22, 8.14.0 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23443/.
Read more Data Analytics
In Kibana versions prior to 7.17.22 and from 8.0.0 prior to 8.14.0 a medium severity vulnerability CVE-2024-23442 was detected. This issue allows malicious URLs to redirect users to fake websites, making phishing attacks easier. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23442/.
Read more Data Analytics
In Apache Airflow versions before 2.9.2 a low severity vulnerability CVE-2024-25142 was detected. This vulnerability allows attackers to store sensitive data in the local cache of the browser. To address this issue, users must upgrade to version 2.9.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-25142/.
Read more Data Analytics
In MongoDB Server versions before 7.0.6, 6.0.14, and 5.0.25 a high severity vulnerability CVE-2024-3372 was detected. Improper metadata validation can cause MongoDB Server to incorrectly serialize BSON, resulting in unexpected behavior and serverStatus response issues. To address this issue, users should upgrade MongoDB to version 5.0.25, 6.0.14, 7.0.6, 7.2.1 or higher For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-3372.
Read more Database
In Kibana versions from 8.6.3 through 8.13.4 a medium severity vulnerability CVE-2024-37279 was detected. The vulnerability allows users who only have permission to view alerting features to improperly use the run_soon API. This could lead to alerting rules with complex queries running continuously, which can slow down the system. To address this issue, users should upgrade to version 8.14.0 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37279.
Read more Data Analytics
In Elasticsearch a medium severity vulnerability CVE-2024-37280 was detected. This vulnerability allows attackers to cause a Denial of Service of the platform. There is no solution for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37280/.
Read more Data Analytics
In NocoDB version starting from 0.202.6 and prior to version 0.202.10 a medium severity vulnerability CVE-2023-50717 was detected. Attackers can upload harmful HTML files, causing a cross-site scripting attack when opened in a browser. This allowed attackers to run JavaScript in the user’s context, possibly performing actions or stealing information. To fix this issue, users should upgrade to version 0.202.10. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-50717.
Read more Database
In MongoDB Server versions 5.0.x up to 5.0.16 and 6.0.x up to 6.0.5 a medium severity vulnerability CVE-2024-3374 was detected. This vulnerability lets unauthorized users crash the server by creating a large BSON object during diagnostic metrics generation. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-3374.
Read more Database