Vulnerabilities > Mongodb

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-10-28 | CVE-2024-8013 | Cleartext Transmission of Sensitive Information vulnerability in Mongodb Mongo Crypt V1.So and Mongocryptd | A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields being sent to the server as plaintext instead of ciphertext. | local | low | mongodb | CWE-319 | 3.3 |
| 2024-10-21 | CVE-2024-8305 | Unspecified vulnerability in Mongodb | A prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries; in extreme cases this may cause multiple secondaries to crash, leading to no primaries. | network | low | mongodb | | 6.5 |
| 2024-08-27 | CVE-2024-8207 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mongodb | In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. | local | low | mongodb | CWE-610 | 6.7 |
| 2024-08-13 | CVE-2024-6384 | Unspecified vulnerability in Mongodb | "Hot" backup files may be downloaded by underprivileged users if they are capable of acquiring a unique backup identifier. | network | high | mongodb | | 5.3 |
| 2024-08-07 | CVE-2024-7553 | Unspecified vulnerability in Mongodb | Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. | local | low | mongodb | | 7.8 |
| 2024-07-01 | CVE-2024-6375 | Missing Authorization vulnerability in Mongodb | A command for refining a collection shard key is missing an authorization check. | network | low | mongodb | CWE-862 | 6.5 |
| 2024-07-01 | CVE-2024-6376 | Code Injection vulnerability in Mongodb Compass | MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of the ejson shell parser in Compass' connection handling. | network | low | mongodb | CWE-94 | 9.8 (critical) |
| 2024-06-05 | CVE-2024-5629 | Out-of-bounds Read vulnerability in multiple products | An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory. | network | low | mongodb, debian | CWE-125 | 8.1 |
| 2024-01-12 | CVE-2023-0437 | Infinite Loop vulnerability in Mongodb C Driver | When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. | network | low | mongodb | CWE-835 | 7.5 |
| 2023-11-07 | CVE-2023-0436 | Information Exposure Through Log Files vulnerability in Mongodb Atlas Kubernetes Operator | The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. | network | low | mongodb | CWE-532 | 7.5 |