Description: The OVERWRITE clause of the DEFINE TABLE statement would fail to overwrite data for tables that were defined with TYPE RELATION. Since table definitions include the PERMISSIONS clause, this failure would result in permissions not being overwritten, which may lead users to believe they have changed the table permissions when they have not.
Impact
If a user attempted to update table permissions of a table defined with TYPE RELATION using DEFINE TABLE ... OVERWRITE, permissions for the table would not be changed. This may allow a client that is authorized to run queries in a SurrealDB server to access certain data in that specific table that they were not intended to be able to access after the specified change in permissions.
Patches
The DEFINE TABLE statement has been updated to appropriately overwrite data for tables defined with TYPE RELATION.
Version 2.1.3 and later are not affected by this issue.
Workarounds
Users of tables with TYPE RELATION that may have been modified using the OVERWRITE clause in order to update permissions are advised to verify that the intended permissions are in place using the INFO FOR DB statement. Affected users who are unable to update and require updating permissions in a table with TYPE RELATION will be required to remove the table and define it from scratch with the intended permissions. Data can be preserved by backing it up to a temporary table.
References
#5260
https://github.com/surrealdb/surreald...
December 18th, 2024 (4 months ago)
|
Description: Actions direct agencies to deploy specific security configurations to reduce cyber-risk.
December 18th, 2024 (4 months ago)
|
Description: The cyberattack impacts at least 1.4 million patients, as tranches of highly sensitive personal, medical, and financial data fall into the hands of cyber crooks who have everything they need to carry out convincing social engineering and fraud attacks.
December 18th, 2024 (4 months ago)
|
Description: Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness.
December 18th, 2024 (4 months ago)
|
Description: The cybersecurity startup's data loss protection platform uses contextual redaction to help organizations safely use private business information across AI platforms.
December 18th, 2024 (4 months ago)
|
Description: The Russian-based attack group uses legitimate red-team tools, 200 domain names, and 34 back-end RDP servers, making it harder to identify and block malicious activity.
December 18th, 2024 (4 months ago)
|
Description: Working closely with CISOs, chief financial officers can become key players in protecting their organizations' critical assets and ensuring long-term financial stability.
December 18th, 2024 (4 months ago)
|
Description: Analysis of packer-as-a-service (PaaS) HeartCrypt reveals its use in over 2k malicious payloads across 45 malware families since its early 2024 appearance.
The post Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation appeared first on Unit 42.
December 18th, 2024 (4 months ago)
|
Description: Vulnerabilities in Microsoft Azure Data Factory's integration with Apache Airflow can lead to unauthorized access and control over cloud resources.
The post Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration appeared first on Unit 42.
December 18th, 2024 (4 months ago)
|
Description: Using real-world examples and offering plenty of pragmatic tips, learn how to protect your directory services from LDAP-based attacks.
The post LDAP Enumeration: Unveiling the Double-Edged Sword of Active Directory appeared first on Unit 42.
December 18th, 2024 (4 months ago)
|