Vulnerabilities > Mongodb
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2023-0437 | Infinite Loop vulnerability in Mongodb C Driver When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. | 7.5 |
| 2023-11-07 | CVE-2023-0436 | Information Exposure Through Log Files vulnerability in Mongodb Atlas Kubernetes Operator The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. | 7.5 |
| 2023-08-29 | CVE-2021-32050 | Information Exposure Through Log Files vulnerability in Mongodb products Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. | 7.5 |
| 2023-08-23 | CVE-2023-1409 | Improper Certificate Validation vulnerability in Mongodb If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. | 7.5 |
| 2023-08-08 | CVE-2023-4009 | Improper Privilege Management vulnerability in Mongodb OPS Manager Server In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation. | 7.2 |
| 2023-06-09 | CVE-2023-0342 | Unspecified vulnerability in Mongodb OPS Manager Server MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. | 5.3 |
| 2023-02-21 | CVE-2022-48282 | Deserialization of Untrusted Data vulnerability in Mongodb C# Driver Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. | 7.2 |
| 2022-04-21 | CVE-2022-24272 | Reachable Assertion vulnerability in Mongodb An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. | 4.0 |
| 2022-04-12 | CVE-2021-32040 | Out-of-bounds Write vulnerability in Mongodb It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. | 7.5 |
| 2022-02-04 | CVE-2021-32036 | Allocation of Resources Without Limits or Throttling vulnerability in Mongodb An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. | 7.1 |