Latest Mongodb Security Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-11-24 CVE-2019-20925 Incorrect Comparison vulnerability in Mongodb
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory.
network
low complexity
mongodb CWE-697
5.0
2020-11-23 CVE-2020-7927 Unspecified vulnerability in Mongodb OPS Manager
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege.
network
low complexity
mongodb
4.0
2020-11-23 CVE-2018-20803 Infinite Loop vulnerability in Mongodb
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks.
network
low complexity
mongodb CWE-835
4.0
2020-11-23 CVE-2020-7928 Unspecified vulnerability in Mongodb
A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries.
network
low complexity
mongodb
4.0
2020-11-23 CVE-2018-20802 Unspecified vulnerability in Mongodb
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner.
network
low complexity
mongodb
4.0
2020-11-23 CVE-2018-20804 Improper Input Validation vulnerability in Mongodb
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations.
network
low complexity
mongodb CWE-20
4.0
2020-11-23 CVE-2018-20805 Excessive Iteration vulnerability in Mongodb
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc.
network
low complexity
mongodb CWE-834
4.0
2020-11-23 CVE-2019-20923 Unspecified vulnerability in Mongodb
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals.
network
low complexity
mongodb
4.0
2020-11-23 CVE-2019-20924 Improper Check for Unusual OR Exceptional Conditions vulnerability in Mongodb 4.2.0/4.2.1
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder.
network
low complexity
mongodb CWE-754
4.0
2020-11-23 CVE-2019-2392 Integer Overflow OR Wraparound vulnerability in Mongodb
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values.
network
low complexity
mongodb CWE-190
4.0