Vulnerabilities > Mongodb

DATE CVE VULNERABILITY TITLE RISK
2024-08-27 CVE-2024-8207 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mongodb
In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process.
local
low complexity
mongodb CWE-610
6.7
2024-08-13 CVE-2024-6384 Unspecified vulnerability in Mongodb
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier.
network
high complexity
mongodb
5.3
2024-08-07 CVE-2024-7553 Unspecified vulnerability in Mongodb
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows.
local
low complexity
mongodb
7.8
2024-07-01 CVE-2024-6375 Missing Authorization vulnerability in Mongodb
A command for refining a collection shard key is missing an authorization check.
network
low complexity
mongodb CWE-862
6.5
2024-07-01 CVE-2024-6376 Code Injection vulnerability in Mongodb Compass
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling.
network
low complexity
mongodb CWE-94
critical
9.8
2024-06-05 CVE-2024-5629 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
network
low complexity
mongodb debian CWE-125
8.1
2024-01-12 CVE-2023-0437 Infinite Loop vulnerability in Mongodb C Driver
When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e.
network
low complexity
mongodb CWE-835
7.5
2023-11-07 CVE-2023-0436 Information Exposure Through Log Files vulnerability in Mongodb Atlas Kubernetes Operator
The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled.
network
low complexity
mongodb CWE-532
7.5
2023-08-29 CVE-2021-32050 Information Exposure Through Log Files vulnerability in Mongodb products
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application.
network
low complexity
mongodb CWE-532
7.5
2023-08-23 CVE-2023-1409 Improper Certificate Validation vulnerability in Mongodb
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g.
network
low complexity
mongodb CWE-295
7.5