Filtered by vendor Mongodb
Subscriptions
Total
78 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-6384 | 1 Mongodb | 1 Mongodb | 2024-08-16 | 5.3 Medium |
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3 | ||||
CVE-2023-0437 | 1 Mongodb | 1 C Driver | 2024-08-15 | 5.3 Medium |
When calling bson_utf8_validateĀ on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0. | ||||
CVE-2024-3371 | 1 Mongodb | 1 Compass | 2024-08-07 | 7.1 High |
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0. | ||||
CVE-2012-6619 | 2 Mongodb, Redhat | 5 Mongodb, Enterprise Mrg, Openstack and 2 more | 2024-08-06 | N/A |
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read. | ||||
CVE-2013-2132 | 4 Canonical, Mongodb, Opensuse and 1 more | 4 Ubuntu Linux, Mongodb, Opensuse and 1 more | 2024-08-06 | N/A |
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef." | ||||
CVE-2013-1892 | 2 Mongodb, Redhat | 2 Mongodb, Enterprise Mrg | 2024-08-06 | N/A |
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument. | ||||
CVE-2014-8180 | 2 Mongodb, Redhat | 2 Mongodb, Satellite | 2024-08-06 | N/A |
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | ||||
CVE-2014-3971 | 1 Mongodb | 1 Mongodb | 2024-08-06 | N/A |
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. | ||||
CVE-2015-7882 | 1 Mongodb | 1 Mongodb | 2024-08-06 | N/A |
Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. | ||||
CVE-2015-4411 | 2 Fedoraproject, Mongodb | 2 Fedora, Bson | 2024-08-06 | 7.5 High |
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. | ||||
CVE-2015-1609 | 3 Fedoraproject, Mongodb, Redhat | 4 Fedora, Mongodb, Satellite and 1 more | 2024-08-06 | N/A |
MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | ||||
CVE-2016-6494 | 2 Fedoraproject, Mongodb | 2 Fedora, Mongodb | 2024-08-06 | N/A |
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. | ||||
CVE-2016-3104 | 1 Mongodb | 1 Mongodb | 2024-08-05 | N/A |
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. | ||||
CVE-2017-15535 | 1 Mongodb | 1 Mongodb | 2024-08-05 | N/A |
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. | ||||
CVE-2017-14227 | 1 Mongodb | 1 Mongodb | 2024-08-05 | N/A |
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. | ||||
CVE-2017-2665 | 2 Mongodb, Redhat | 2 Mongodb, Storage Console | 2024-08-05 | N/A |
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text. | ||||
CVE-2018-16790 | 1 Mongodb | 1 Libbson | 2024-08-05 | N/A |
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer. | ||||
CVE-2019-2391 | 1 Mongodb | 1 Js-bson | 2024-08-04 | 4.2 Medium |
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to. | ||||
CVE-2019-2389 | 1 Mongodb | 1 Mongodb | 2024-08-04 | 5.3 Medium |
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22. | ||||
CVE-2019-2390 | 2 Microsoft, Mongodb | 2 Windows, Mongodb | 2024-08-04 | 8.2 High |
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14 and MongoDB Server v3.4 prior to 3.4.22. |