Data Management and Analytics

In Kibana versions up to 7.17.23 and 8.15.0 a medium severity vulnerability CVE-2024-43708 was detected. This vulnerability allows attackers to crash Kibana by sending a specially crafted payload to multiple inputs in the Kibana UI, exploiting the lack of resource allocation limits or throttling. To address this issue, users should upgrade Kibana to versions 7.17.23 or 8.15.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43708.

In Kibana versions from 8.0.0 up to 8.15.0 a high severity vulnerability CVE-2024-43707 was detected. This vulnerability allows attackers to view Elastic Agent policies without proper access, potentially exposing sensitive information based on the integrations enabled and their versions. To address this issue, users should upgrade Kibana to versions 8.15.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43707.

In MySQL Server versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21543 was detected. This vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the server, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21543.

In MySQL Connectors (component: Connector/Python) versions 9.1.0 and prior a medium severity vulnerability CVE-2025-21548 was detected. This vulnerability allows a high-privileged attacker with network access and user interaction to create, delete, or modify critical data, access sensitive data, and cause a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21548.

In MySQL Enterprise Firewall versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21495 was detected. This vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the system, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21495.

In MySQL Server versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior a medium severity vulnerability CVE-2025-21522 was detected. This vulnerability allows a low-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the system, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21522.

In Elasticsearch versions up to 7.17.21 and up to 8.13.3 a medium severity vulnerability CVE-2024-43709 was detected. This vulnerability allows attackers to cause an OutOfMemoryError exception and crash the system by executing a specially crafted query using an SQL function. To address this issue, users should upgrade Elasticsearch to version 7.17.21 or 8.13.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43709.

In Kibana versions up to 7.17.23 and up to 8.14.2 a medium severity vulnerability CVE-2024-52973 was detected. This vulnerability allows users with read access to the Observability-Logs feature to crash the system by sending a specially crafted request to `/api/log_entries/summary`, due to a lack of resource limits or throttling. To address this issue, users should upgrade Kibana to version 7.17.23 or 8.14.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52973.

In PostgreSQL versions before 17.3, 16.7, 15.11, 14.16 and 13.19 a high severity vulnerability CVE-2025-1094 was detected. This vulnerability allows attackers to exploit improper quoting in libpq functions and PostgreSQL command-line utilities, potentially leading to SQL injection in specific usage scenarios. To address this issue, users should upgrade to PostgreSQL 17.3, 16.7, 15.11, 14.16 or 13.19. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1094.