A medium-severity vulnerability, CVE-2024-21159, was detected in MySQL Server versions 8.0.36 and prior and 8.3.0 and prior. This vulnerability allows attackers with high-level access to crash or freeze the MySQL Server, making it unusable. To fix this problem, users should upgrade MySQL Server to version 8.0.38-1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21159.
Category: Database

A medium-severity vulnerability, CVE-2024-21163, was detected in MySQL Server versions 8.0.37 and prior and 8.4.0 and prior. This vulnerability allows attackers to remotely crash or freeze the server, and potentially modify or delete some of its data. To fix this problem, users should upgrade MySQL Server to versions 8.0.38-1 and 8.4.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21163.
Category: Database

A medium-severity vulnerability, CVE-2024-6916, was detected in the Zowe Command Line Interface (CLI). This vulnerability allows local, privileged actors to display securely stored properties in cleartext within a terminal using the `--show-inputs-only` flag. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6916.
Category: Developer Tools

A high-severity security vulnerability, CVE-2024-39700, was detected in the JupyterLab extension template (copier). This vulnerability allows attackers to perform Remote Code Execution (RCE) via the `update-integration-tests.yml` workflow included in repositories created with the `test` option. To address this issue, users should upgrade the template to version 4.3.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39700.
Category: Machine Learning

A low-severity vulnerability, CVE-2024-39877, was detected in Airflow version 2.4.0 and versions before 2.9.3. This vulnerability allows attackers to execute arbitrary code in the scheduler context. To address this issue, users must upgrade to version 2.9.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39877.
Category: Data Analytics

A medium-severity vulnerability, CVE-2024-40627, was detected in Fastapi OPA. The `OpaMiddleware` lets all HTTP OPTIONS requests through without checking authentication, which can reveal entity existence to attackers. To address this issue, users should upgrade to version 2.0.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-40627.
Category: Application Development

A medium-severity vulnerability, CVE-2024-39863, was detected in Apache Airflow versions before 2.9.3. This vulnerability allows an authenticated attacker to inject a malicious link when installing a provider. To fix this problem, users should upgrade Apache Airflow to version 2.9.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39863.
Category: Data Analytics

A critical-severity vulnerability, CVE-2024-6834, was detected in Zowe, in the API Mediation Layer (APIML) Spring Cloud Gateway. This vulnerability allows a user to exploit Zowe’s client certificate to sign proxied requests, providing unauthorized access to endpoints that normally require internal client certificates. Consequently, an attacker can manage various components and intercept all communication, including user credentials. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6834.
Category: Developer Tools

A medium-severity vulnerability, CVE-2024-39887, was detected in Superset version 4.0.1. This vulnerability allows attackers to bypass Apache Superset’s SQL authorization. To address this issue, users must update to version 4.0.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39887/.
Category: Data Analytics