Monthly Archive: November 2020

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020. Date...

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a...

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a...

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a...

In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00221482. Date...

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1;...

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4...

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior...

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine’s internals. This...

Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. Date published : 2020-11-23 https://bugzilla.tianocore.org/show_bug.cgi?id=1989 https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. Date published : 2020-11-23 https://bugzilla.tianocore.org/show_bug.cgi?id=1995 https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html

Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. Date published : 2020-11-23 https://bugzilla.tianocore.org/show_bug.cgi?id=1608 https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html

Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. Date published : 2020-11-23 https://bugzilla.tianocore.org/show_bug.cgi?id=2001 https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html

Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. Date published : 2020-11-23 https://bugzilla.tianocore.org/show_bug.cgi?id=2215 https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html