Lucene search
+L

25 matches found

bdu_fstec
bdu_fstec
added 2020/08/12 12:0 a.m.7 views

The vulnerability of the BSON parsing software package, caused by integer overflows, allows attackers to trigger a service failure.

The vulnerability of the BSON parsing software package arises due to a numerical overflow condition. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service interruptions...

7.1CVSS5.9AI score0.01165EPSS
Exploits1References6Affected Software2
github
github
added 2019/10/22 8:19 p.m.77 views

Improper Input Validation in Automattic Mongoose

Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...

9.1CVSS8.7AI score0.0166EPSS
Exploits0References7Affected Software1
nvd
nvd
added 2019/10/10 2:5 a.m.24 views

CVE-2019-17426

Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...

9.1CVSS9.1AI score0.0166EPSS
Exploits0References2
prion
prion
added 2019/10/10 2:5 a.m.22 views

Improper access control

Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...

6.4CVSS9.1AI score0.0166EPSS
Exploits0References2Affected Software1
cve
cve
added 2019/10/10 12:35 a.m.142 views

CVE-2019-17426

Automattic Mongoose up to version 5.7.4 is affected. The root cause is that a query object containing a _bsontype attribute is ignored, which can bypass access control in some applications (e.g., a query filter interference with _bsontype). The CVE covers this behavior in older versions of the bs...

9.1CVSS9AI score0.0166EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder