In Graphite a critical severity vulnerability CVE-2023-34308 was detected. It enables remote code execution when users engage with harmful files or web pages. The software lacks proper checks on files like projects and source code, causing buffer overflow. For additional details, visit https://avd.aquasec.com/nvd/2023/cve-2023-34308.
Read more Data AnalyticsIn Apache Airflow FTP Provider versions before 3.7.0 a high severity vulnerability CVE-2024-29733 was detected. This problem involves incomplete checks on certificates during secure FTP connections, which could be exploited. To fix this, proper certificate validation should be implemented by updating to version 3.7.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-29733/.
Read more Data AnalyticsIn Apache Airflow version 2.9.0 a critical security vulnerability CVE-2024-32077 was detected. This vulnerability allows attackers to inject data into the task instance logs. To address this issue, users are advised to upgrade to version 2.9.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-32077/.
In Fluent Bit versions 2.0.7 to 3.0.3 a critical security vulnerability CVE-2024-4323 was detected. This vulnerability allows attackers to parse trace requests and may result in remote code execution. There is no actual solution for this vulnerability. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-4323/.
In Airflow versions 2.7.0 through 2.8.4 a medium severity vulnerability CVE-2024-31869 was detected. A security flaw exposes sensitive provider configurations to authenticated users via the ‘configuration’ UI page when certain settings are configured, affecting mainly the Celery provider. Consider upgrading to Airflow version 2.9 or adjusting your expose_config setting to False as a temporary solution. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31869/.
Read more Data AnalyticsIn pgAdmin versions before 8.4 a critical severity vulnerability CVE-2024-2044 was detected. Unauthenticated attackers can execute code by loading and deserializing remote pickle objects on Windows servers, while authenticated attackers on POSIX/Linux servers can upload and deserialize pickle objects to gain code execution. The issue is fixed in versions 8.4 or higher. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2044/.
Read more DatabaseIn pgAdmin version 8.4 and earlier a high severity vulnerability CVE-2024-3116 was detected. It allows attackers to run harmful code on the server, endangering the integrity of the database system and the safety of your data. To address this issue, users are advised to update pgAdmin to version 8.5 or later. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-3116/.
Read more DatabaseIn Apache Kafka versions from 3.5.0 through 3.5.2, from 3.6.0 through 3.6.1 a critical vulnerability CVE-2024-27309 was detected. During the migration from ZooKeeper mode to KRaft mode in Apache Kafka, Access Control Lists (ACLs) may not be properly enforced, allowing attackers to bypass access restrictions. The issue is resolved in Apache Kafka versions 3.7.0 and 3.6.2. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-27309/.
Read more Data AnalyticsIn Elasticsearch versions 8.10.0 and before 8.13.0 a medium security vulnerability CVE-2024-23451 was detected. This vulnerability affects the API key-based security model for Remote Cluster Security 20. This allows a malicious user with a valid API key to read arbitrary documents from any index on a remote cluster. The issue is resolved in Elasticsearch version 8.13.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-23451.
Read more Data Analytics