Filtered by vendor Mongodb Subscriptions
Total 78 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-3971 1 Mongodb 1 Mongodb 2024-08-06 N/A
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.
CVE-2015-7882 1 Mongodb 1 Mongodb 2024-08-06 N/A
Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access.
CVE-2015-4411 2 Fedoraproject, Mongodb 2 Fedora, Bson 2024-08-06 7.5 High
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.
CVE-2015-1609 3 Fedoraproject, Mongodb, Redhat 4 Fedora, Mongodb, Satellite and 1 more 2024-08-06 N/A
MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.
CVE-2016-6494 2 Fedoraproject, Mongodb 2 Fedora, Mongodb 2024-08-06 N/A
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
CVE-2016-3104 1 Mongodb 1 Mongodb 2024-08-05 N/A
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.
CVE-2017-15535 1 Mongodb 1 Mongodb 2024-08-05 N/A
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.
CVE-2017-14227 1 Mongodb 1 Mongodb 2024-08-05 N/A
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.
CVE-2017-2665 2 Mongodb, Redhat 2 Mongodb, Storage Console 2024-08-05 N/A
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text.
CVE-2018-25004 1 Mongodb 1 Mongodb 2024-08-05 4.9 Medium
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
CVE-2018-20803 1 Mongodb 1 Mongodb 2024-08-05 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects MongoDB Server v4.0 versions prior to 4.0.5; MongoDB Server v3.6 versions prior to 3.6.10 and MongoDB Server v3.4 versions prior to 3.4.19.
CVE-2018-20804 1 Mongodb 1 Mongodb 2024-08-05 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13.
CVE-2018-20805 1 Mongodb 1 Mongodb 2024-08-05 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10.
CVE-2018-20802 1 Mongodb 1 Mongodb 2024-08-05 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3.
CVE-2018-16790 1 Mongodb 1 Libbson 2024-08-05 N/A
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.
CVE-2018-13863 1 Mongodb 1 Js-bson 2024-08-05 N/A
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.
CVE-2019-20925 1 Mongodb 1 Mongodb 2024-08-05 7.5 High
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.
CVE-2019-20924 1 Mongodb 1 Mongodb 2024-08-05 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2.
CVE-2019-2392 1 Mongodb 1 Mongodb 2024-08-04 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.
CVE-2019-2391 1 Mongodb 1 Js-bson 2024-08-04 4.2 Medium
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to.