9 matches found

Snyk
added 2023/02/22 10:31 a.m. · 5 views

Arbitrary Code Execution

Overview: MongoDB.Driver is an Official .NET driver for MongoDB. Affected versions of this package are vulnerable to Arbitrary Code Execution via ObjectSerializer when deserializing a compromised object. Exploiting this vulnerability allows a privileged user to cause arbitrary code execution, whic...

CVSS 7.2 · AI score 7.5 · EPSS 0.01339
Exploits 0 · References 2
NVD
added 2023/02/21 7:15 p.m. · 7 views

CVE-2022-48282

Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and...

CVSS 7.2 · AI score 6.7 · EPSS 0.01339
Exploits 0 · References 3
Prion
added 2023/02/21 7:15 p.m. · 31 views

Design/Logic Flaw

Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and...

CVSS 5.8 · AI score 7 · EPSS 0.01339
Exploits 0 · References 2 · Affected Software 1
CVE
added 2023/02/21 6:35 p.m. · 357 views

CVE-2022-48282

CVE-2022-48282 affects MongoDB .NET/C# Driver up to version 2.18.0. Under very specific conditions, a privileged user can cause arbitrary code execution via deserialization, involving applications written in C# running on Windows with the full .NET Framework, taking user data, and serializing wit...

CVSS 7.2 · AI score 6.7 · EPSS 0.01339
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2023/02/21 6:35 p.m. · 24 views

CVE-2022-48282 Deserializing compromised object with MongoDB .NET/C# Driver may cause remote code execution

Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and...

CVSS 6.6 · AI score 7.2 · EPSS 0.01339
Exploits 0 · References 2
Positive Technologies
added 2023/02/21 12:0 a.m. · 7 views

PT-2023-15661 · Mongodb · Mongodb .Net/C# Driver

Name of the Vulnerable Software and Affected Versions: MongoDB .NET/C# Driver versions prior to and including v2.18.0. Description: Under very specific circumstances, a privileged user is able to cause arbitrary code to be executed, which may cause further disruption to services. This issue is...

CVSS 7.2 · AI score 6.8 · EPSS 0.01339
Exploits 0 · References 12
OSV
added 2022/09/22 12:0 a.m. · 1 views

GHSA-FV7X-V67W-CVQV Spring Data REST can expose hidden entity attributes

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.6.6, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes...

CVSS 3.7 · AI score 5.9 · EPSS 0.00174
Exploits 0 · References 5
OSV
added 2022/09/21 6:15 p.m. · 1 views

CVE-2022-31679

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes...

CVSS 3.7 · AI score 7.3 · EPSS 0.00174
Exploits 0 · References 1
Prion
added 2020/12/15 6:15 p.m. · 21 views

Design/Logic Flaw

An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored's intern...

CVSS 4.9 · AI score 6.4 · EPSS 0.00056
Exploits 0 · References 4 · Affected Software 3