In NocoDB versions 0.202.9 and prior a medium severity vulnerability CVE-2023-50718 was detected. This vulnerability allows attackers with created access to attack the database. To address this issue, users need to update to version 0.202.10. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-50718/.
Read more Database
In MySQL Cluster versions 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior a low severity vulnerability CVE-2024-21101 was detected. High-privileged attackers with network access can exploit this vulnerability to read some data in the MySQL Cluster without authorization. Currently, there is no fix version for this vulnerability. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21101/.
Read more Database
In the MySQL Server product of Oracle MySQL in versions 8.0.34 and prior a medium severity vulnerability CVE-2024-21053 was detected. It allows high-privileged attackers with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in the unauthorized ability to cause a hang or crash of MySQL Server. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21053/.
Read more Database
In ‘bson’ module of MongoDB version 4.6.2 a medium severity vulnerability CVE-2024-5629 was detected. This vulnerability allows attackers to have an access to the application memory. There are no solutions for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5629/.
Read more Database
In Apache Superset versions before 3.0.3 a medium severity vulnerability CVE-2023-49657 was detected. Attackers with permission to create or update charts or dashboards can insert harmful scripts or HTML snippets, enabling them to execute cross-site scripting attacks. To enhance security in 2.X versions, users need to update their configuration settings. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-49657/.
Read more Data Analytics
In Apache Airflow versions before 2.8.2 vulnerability CVE-2024-26280 was detected. This issue allows certain users to see audit logs they shouldn’t. Starting from version 2.8.2, only admin users can view audit logs by default. Others need explicit permission. It’s advised to upgrade to version 2.8.2 or later to fix this problem. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-26280/.
Read more Data Analytics
In Apache Airflow versions 2.8.0 through 2.8.2 a high severity vulnerability CVE-2024-28746 was detected. It allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-28746/.
Read more Data Analytics
In Graphite a critical severity vulnerability CVE-2023-34308 was detected. It enables remote code execution when users engage with harmful files or web pages. The software lacks proper checks on files like projects and source code, causing buffer overflow. For additional details, visit https://avd.aquasec.com/nvd/2023/cve-2023-34308.
Read more Data Analytics
In Apache Airflow FTP Provider versions before 3.7.0 a high severity vulnerability CVE-2024-29733 was detected. This problem involves incomplete checks on certificates during secure FTP connections, which could be exploited. To fix this, proper certificate validation should be implemented by updating to version 3.7.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-29733/.
Read more Data Analytics