In Kibana versions up to 7.17.23 and 8.15.0 a medium severity vulnerability CVE-2024-43708 was detected. This vulnerability allows attackers to crash Kibana by sending a specially crafted payload to multiple inputs in the Kibana UI, exploiting the lack of resource allocation limits or throttling. To address this issue, users should upgrade Kibana to versions 7.17.23 or 8.15.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43708.
Read more Data Analytics
In MySQL Server versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21543 was detected. This vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the server, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21543.
Read more Database
In MySQL Connectors (component: Connector/Python) versions 9.1.0 and prior a medium severity vulnerability CVE-2025-21548 was detected. This vulnerability allows a high-privileged attacker with network access and user interaction to create, delete, or modify critical data, access sensitive data, and cause a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21548.
Read more Database
In MySQL Enterprise Firewall versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21495 was detected. This vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the system, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21495.
Read more Database
In MySQL Server versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21522 was detected. This vulnerability allows a low-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the system, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21522.
Read more Database
In Elasticsearch versions up to 7.17.21 and up to 8.13.3 a medium severity vulnerability CVE-2024-43709 was detected. This vulnerability allows attackers to cause an OutOfMemoryError exception and crash the system by executing a specially crafted query using an SQL function. To address this issue, users should upgrade Elasticsearch to version 7.17.21 or 8.13.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43709.
Read more Data Analytics
In Kibana versions up to 7.17.23 and up to 8.14.2 a medium severity vulnerability CVE-2024-52973 was detected. This vulnerability allows users with read access to the Observability-Logs feature to crash the system by sending a specially crafted request to `/api/log_entries/summary`, due to a lack of resource limits or throttling. To address this issue, users should upgrade Kibana to version 7.17.23 or 8.14.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52973.
Read more Data Analytics
In PostgreSQL versions before 17.3, 16.7, 15.11, 14.16 and 13.19 a high severity vulnerability CVE-2025-1094 was detected. This vulnerability allows attackers to exploit improper quoting in libpq functions and PostgreSQL command-line utilities, potentially leading to SQL injection in specific usage scenarios. To address this issue, users should upgrade to PostgreSQL 17.3, 16.7, 15.11, 14.16 or 13.19. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1094.
Read more Database
In the RediSearch module that provides querying, secondary indexing, and full-text search for Redis versions 2.6.24, 2.8.21, 2.10.10 a high severity vulnerability CVE-2024-51737 was detected. This vulnerability allows attackers to trigger a buffer overflow by using specially crafted arguments in the FT.SEARCH or FT.AGGREGATE commands, potentially leading to remote code execution. To fix this issue, users should upgrade the RediSearch module for Redis to versions 2.6.24, 2.8.21, and 2.10.10. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-51737.