In MongoDB Enterprise Server versions 6.0 to 6.0.16, 7.0 to 7.0.11, and 7.3 to 7.3.3 a medium severity vulnerability CVE-2024-6384 was detected. This vulnerability allows unauthorized access to potentially sensitive data stored in those backups.To fix this issue, users must upgrade to version 8.14.2 or 7.17.23 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6384.
Read more DatabaseIn MongoDB Server versions 5.0 to 5.0.27, 6.0 to 6.0.16, 7.0 to 7.0.12, 7.3 to 7.3.3, MongoDB C Driver versions to 1.26.2, and MongoDB PHP Driver versions to 1.18.1 a high severity vulnerability CVE-2024-7553 was detected. This vulnerability allows local privilege escalation on Windows by improperly validating files from untrusted directories. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7553.
In Elasticsearch versions 7.0.0 to 7.17.18 and 8.0.0 to 8.12.0 a medium severity vulnerability CVE-2024-23444 was detected. This vulnerability allows attackers to potentially access the unprotected private key stored on the computer, posing a security risk. To fix this problem, users should upgrade Elasticsearch to versions 7.17.19 and 8.13.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23444.
In MySQL version 8.4.0 and prior a medium severity vulnerability CVE-2024-21170 was detected. This vulnerability allows attackers to gain unauthorized access to and modify data in MySQL Connectors, potentially causing disruptions and partial service outages. To fix this problem, users should upgrade MySQL to version 8.4.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21170.
In MySQL versions 8.0.37 and earlier, 8.4.0 and earlier a medium severity vulnerability CVE-2024-21177 was detected. This vulnerability allows attackers to repeatedly crash MySQL Server, resulting in a total service outage. To fix this problem, users should upgrade MySQL to versions 8.0.38 and later, 8.4.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21177.
Read more DatabaseIn Kibana versions before 8.11.2 a medium severity vulnerability CVE-2024-37281 was detected. This vulnerability allows attackers to crash a Kibana instance by sending too many harmful requests. To fix this problem, users should upgrade Kibana to version 8.11.2 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37281.
Read more Data AnalyticsIn Elasticsearch versions 7.0.0 prior to 7.17.16 and 8.0.0 prior to 8.11.2 a medium severity vulnerability CVE-2023-49921 was detected. This allows attackers to access and view sensitive information stored in Elasticsearch through the detailed log files. To fix this problem, users should upgrade Elasticsearch to versions 7.17.16, and 8.11.2. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-49921.
Read more Data AnalyticsIn Couchbase Server versions before 7.2.5 and 7.6.0 before 7.6.1 a low severity vulnerability CVE-2024-37034 was detected. This vulnerability allows attackers to intercept and potentially steal sensitive information because the credentials are not properly secured. To fix this problem, users should upgrade Couchbase Server to versions 7.2.5 and 7.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37034.
Read more DatabaseIn MongoDB Rust Driver 2.0 versions prior to 2.8.2 a medium severity vulnerability CVE-2024-6382 was detected. Incorrect handling of some string inputs in the MongoDB Rust driver can create unintended server commands, leading to unexpected behavior or data modification. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6382.
Read more Database