CVE-2020-28421
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.
Source: CVE-2020-28421
[월:] 2020년 11월
CVE-2020-7777
CVE-2020-7777
This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution.
Source: CVE-2020-7777
CVE-2018-20804
CVE-2018-20804
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.
Source: CVE-2018-20804
CVE-2018-20802
CVE-2018-20802
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3.
Source: CVE-2018-20802
CVE-2018-20805
CVE-2018-20805
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. This issue affects: MongoDB Inc. MongoDB Server 3.6 versions prior to 3.6.10; 4.0 versions prior to 4.0.5.
Source: CVE-2018-20805
CVE-2019-14553
CVE-2019-14553
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
Source: CVE-2019-14553
CVE-2019-14559
CVE-2019-14559
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
Source: CVE-2019-14559
CVE-2019-14562
CVE-2019-14562
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.
Source: CVE-2019-14562
CVE-2019-20923
CVE-2019-20923
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine’s internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.
Source: CVE-2019-20923
CVE-2019-20924
CVE-2019-20924
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2.
Source: CVE-2019-20924