262 matches found
GHSA-7Q9F-X6RM-QMXR Command Injection in compass-compile
compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
crooked-compass.com Improper Access Control vulnerability OBB-2297103
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
5 Themes for Product Security and Fostering Organizational Growth
In this article we would like to review what Raj Umadas, Product Security Manager at Compass, has shared during our recent webinar highlighting recurring themes that have led to impactful collaborations and organizational risk reduction. Product security ProdSec is crucial in the process of growi...
@mongodb-js/compass-aggregations (>=0.0.20 <=4.1.0), @mongodb-js/compass-export-to-language (>=2.2.22 <=2.2.24) +4 more potentially affected by CVE-2020-24391 via mongodb-query-parser (>=0.0.1 <=1.5.0)
mongodb-query-parser NPM version =0.0.1, =0.0.20, =2.2.22, =0.0.3, =3.0.0, =1.0.3, =0.0.1, =0.4.2 Source cves: CVE-2020-24391 Source advisory: OSV:GHSA-HXMG-HM46-CF62...
CVE-2021-20334
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x...
Design/Logic Flaw
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x...
CVE-2021-20334
CVE-2021-20334 is a local privilege escalation affecting MongoDB Compass on Windows. A malicious third party with local access can execute arbitrary software with the privileges of the user running MongoDB Compass. Affected products include MongoDB Compass 1.x (starting with 1.3.0 on Windows) and...
CVE-2021-20334 Local privilege escalation in MongoDB Compass for Windows
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x...
MongoDB Server Security Vulnerability
MongoDB Server is an open source NoSQL database from the United States company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB that allows privileged execution of arbitrary software...
Local privilege escalation in MongoDB Compass for Windows
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x...
Compass Plus e-Commerce Payment Gateway Code Issue Vulnerability
Compass Plus e-Commerce Payment Gateway is an application interface of the Russian company Compass Plus. It provides an API interface for payment functions. A security vulnerability exists in TranzWare e-Commerce Payment Gateway before 3.1.27.5, which is caused by a vulnerability in the XML parse...
Checkmk 1.6.0p16 Local Privilege Escalation
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Checkmk Vendor: tribe29 GmbH CSNC ID: CSNC-2020-005 Subject: Local Privilege Escalation Risk: High Effect: Locally exploitable Authors: Thierry Viaccoz Date: 21.09.2020 Introduction: ------------- Checkmk 1 i...
@mongodb-js/compass-aggregations (>=0.0.20 <=4.1.0), @mongodb-js/compass-export-to-language (>=2.2.22 <=2.2.24) +4 more potentially affected by unknown CVE via mongodb-query-parser (>=0.0.1 <=1.5.0)
mongodb-query-parser NPM version =0.0.1, =0.0.20, =2.2.22, =0.0.3, =3.0.0, =1.0.3, =0.0.1, =0.4.2 Source cves: unknown CVE Source advisory: OSV:GHSA-97MG-3CR6-3X4C...
extranet.compass-expertise.fr Cross Site Scripting vulnerability OBB-1234576
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Froala WYSIWYG HTML Editor 3.1.1 Cross Site Scripting
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Froala WYSIWYG HTML Editor Vendor: Froala CSNC ID: CSNC-2020-004 CVE ID: CVE-2019-19935 Subject: DOM XSS in Froala WYSIWYG HTML Editor Severity: Medium Effect: Remotely exploitable Author: Emanuel Duss Date:...
Microsoft Windows Task Scheduler Security Feature Bypass Vulnerability
Compass Security identified a security feature bypass vulnerability in Microsoft Windows. Due to the absence of integrity verification requirements for the RPC protocol and in particular the Task Scheduler, a man-in-the-middle attacker can relay his victim's NTLM authentication to a target of his...
CVE-2018-21039
An issue was discovered on Samsung mobile devices with N7.0 software. With the Location permission for the compass feature in Quick Tools aka QuickTools, an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 December 2018...
Security feature bypass
An issue was discovered on Samsung mobile devices with N7.0 software. With the Location permission for the compass feature in Quick Tools aka QuickTools, an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 December 2018...
CVE-2018-21039
CVE-2018-21039 affects Samsung mobile devices running Android 7.0 (Nougat). The issue arises when granting Location permission to the compass feature in Quick Tools/QuickTools, enabling a lockscreen bypass. Connected sources reiterate the vulnerability but do not provide detailed root-cause analy...