Large aggregation pipelines with a specific stage can crash mongod under default configuration

It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS...

PT-2022-10064 · Mongodb +1 · Mongodb Server +2

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.2.16 MongoDB Server versions 4.4 prior to and including 4.4.28 MongoDB Server versions 5.0 prior to 5.0.4 Description: It may be possible to have an extremely long aggregation pipeline in conjunction with a...

CVE-2022-24827 SQL Injection in elide-datastore-aggregation

Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns A column that requires a client provided parameter, and a parameterized column of typ...

SQL Injection in elide-datastore-aggregation

Impact When leveraging the following together: - Elide Aggregation Data Store for Analytic Queries - Parameterized Columns A column that requires a client provided parameter - A parameterized column of type TEXT There is the potential for a hacker to provide a carefully crafted query that would...

GHSA-8XPJ-9J9G-FC9R SQL Injection in elide-datastore-aggregation

Impact When leveraging the following together: - Elide Aggregation Data Store for Analytic Queries - Parameterized Columns A column that requires a client provided parameter - A parameterized column of type TEXT There is the potential for a hacker to provide a carefully crafted query that would...

com.yahoo.elide:elide-spring-boot-starter (=6.1.3), com.yahoo.elide:elide-standalone (=6.1.3) potentially affected by CVE-2022-24827 via com.yahoo.elide:elide-datastore-aggregation (=6.1.3)

com.yahoo.elide:elide-datastore-aggregation MAVEN version =6.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.yahoo.elide:elide-datastore-aggregation and may be impacted: - com.yahoo.elide:elide-spring-boot-starter =6.1.3 -...

FreeBSD-kernel -- Multiple WiFi issues

Problem Description: The paper "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation" reported a number of security vulnerabilities in the 802.11 specification related to frame aggregation and fragmentation. Additionally, FreeBSD 12.x missed length validation of SSIDs an...

TWABDelegator allows easy circumvention of whale protection

Lines of code Vulnerability details In a recent interview, PoolTogether co-founder Leighton Cusack said: “Someone who had $1,000 right now into the USDC prize pool would have a 0.01% chance of winning a prize every week. That’s a less than 1% chance of winning a prize a year,” Cusack said. “With...

The Tripod Foundation of a Database Analytics Solution for Today’s Threat Landscape

In the first and second posts in this series, we explained why traditional approaches are no longer viable to take on today’s threat landscape and showed why internally-generated attacks are so difficult to stop. In this post, we’ll identify the critical elements of a highly effective database...

A walk through Project Zero metrics

Posted by Ryan Schoen, Project Zero tl;dr In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago. In addition to the average now being well below the 90-day deadline, w...

ALPINE-CVE-2021-46664

MariaDB through 10.5.9 allows an application crash in subselectpostjoinaggr for a NULL value of aggr...

CVE-2021-46664

MariaDB through 10.5.9 allows an application crash in subselectpostjoinaggr for a NULL value of aggr...

Authentication Bypass

slurm-llnl is vulnerable to authentication bypass. when message aggregation is enabled, An attacker can exploit this vulnerability via an alternate path or channel while race condition allows a user to launch a process as an arbitrary user...

Vulnerabilities fixed in Cisco StarOS Software

Cisco has fixed vulnerabilities in StarOS, the operating system of a series of Aggregation Services Routers ASR. Because the debug mode was misconfigured, a remote malicious party may be able to access sensitive information and may be able to execute arbitrary code under the root privileges of th...

CVE-2022-22154

In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device SD control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service DoS. An SD can get...

CVE-2021-32037

An assertion flaw was found in the mongodb server where an aggregation request could trigger an invariant. An authorized user could exploit this flaw by sending a relevant aggregation request to a shard, which could result in a denial of service or server exit. Requests are usually sent via mongo...

UBUNTU-CVE-2021-32037

An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shar...

CVE-2021-32037 User may trigger invariant when allowed to send commands directly to shards

An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shar...

CVE-2021-32037

Removed by vendor...

CVE-2021-32037

MongoDB Server vulnerability CVE-2021-32037 affects MongoDB Server v5.0 versions prior to and including 5.0.2. An authorized user can trigger an invariant by sending a relevant aggregation request to a shard via mongos, with privileges needed to know shard addresses and to log in to shards in an ...