Filtered by vendor Mongodb
Subscriptions
Total
81 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20328 | 3 Mongodb, Quarkus, Redhat | 4 Java Driver, Quarkus, Camel Quarkus and 1 more | 2024-09-16 | 6.4 Medium |
| Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption. | ||||
| CVE-2021-20330 | 1 Mongodb | 1 Mongodb | 2024-09-16 | 6.5 Medium |
| An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9. | ||||
| CVE-2019-2392 | 1 Mongodb | 1 Mongodb | 2024-09-16 | 6.5 Medium |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20. | ||||
| CVE-2020-7924 | 1 Mongodb | 2 Database Tools, Mongomirror | 2024-09-16 | 4.2 Medium |
| Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0. | ||||
| CVE-2019-20923 | 1 Mongodb | 1 Mongodb | 2024-09-16 | 6.5 Medium |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7. | ||||
| CVE-2022-24272 | 1 Mongodb | 1 Mongodb | 2024-09-16 | 6.5 Medium |
| An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6. | ||||
| CVE-2013-3969 | 1 Mongodb | 1 Mongodb | 2024-09-16 | N/A |
| The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object. | ||||
| CVE-2024-8654 | 1 Mongodb | 1 Mongodb | 2024-09-10 | 5 Medium |
| MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3. | ||||
| CVE-2024-8207 | 2 Linux, Mongodb | 2 Linux Kernel, Mongodb | 2024-08-30 | 6.4 Medium |
| In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue | ||||
| CVE-2023-0437 | 1 Mongodb | 1 C Driver | 2024-08-15 | 5.3 Medium |
| When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0. | ||||
| CVE-2024-3371 | 1 Mongodb | 1 Compass | 2024-08-07 | 7.1 High |
| MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0. | ||||
| CVE-2012-6619 | 2 Mongodb, Redhat | 5 Mongodb, Enterprise Mrg, Openstack and 2 more | 2024-08-06 | N/A |
| The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read. | ||||
| CVE-2013-2132 | 4 Canonical, Mongodb, Opensuse and 1 more | 4 Ubuntu Linux, Mongodb, Opensuse and 1 more | 2024-08-06 | N/A |
| bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef." | ||||
| CVE-2013-1892 | 2 Mongodb, Redhat | 2 Mongodb, Enterprise Mrg | 2024-08-06 | N/A |
| MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument. | ||||
| CVE-2014-8180 | 2 Mongodb, Redhat | 2 Mongodb, Satellite | 2024-08-06 | N/A |
| MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | ||||
| CVE-2014-3971 | 1 Mongodb | 1 Mongodb | 2024-08-06 | N/A |
| The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. | ||||
| CVE-2015-7882 | 1 Mongodb | 1 Mongodb | 2024-08-06 | N/A |
| Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. | ||||
| CVE-2015-4411 | 2 Fedoraproject, Mongodb | 2 Fedora, Bson | 2024-08-06 | 7.5 High |
| The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. | ||||
| CVE-2015-1609 | 3 Fedoraproject, Mongodb, Redhat | 4 Fedora, Mongodb, Satellite and 1 more | 2024-08-06 | N/A |
| MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | ||||
| CVE-2016-6494 | 2 Fedoraproject, Mongodb | 2 Fedora, Mongodb | 2024-08-06 | N/A |
| The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. | ||||