Vulnerabilities > Mongodb
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-27 | CVE-2024-8207 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mongodb In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. | 6.7 |
2024-08-13 | CVE-2024-6384 | Unspecified vulnerability in Mongodb "Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. | 5.3 |
2024-08-07 | CVE-2024-7553 | Unspecified vulnerability in Mongodb Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. | 7.8 |
2024-07-01 | CVE-2024-6375 | Missing Authorization vulnerability in Mongodb A command for refining a collection shard key is missing an authorization check. | 6.5 |
2024-07-01 | CVE-2024-6376 | Code Injection vulnerability in Mongodb Compass MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. | 9.8 |
2024-06-05 | CVE-2024-5629 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory. | 8.1 |
2024-01-12 | CVE-2023-0437 | Infinite Loop vulnerability in Mongodb C Driver When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. | 7.5 |
2023-11-07 | CVE-2023-0436 | Information Exposure Through Log Files vulnerability in Mongodb Atlas Kubernetes Operator The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. | 7.5 |
2023-08-29 | CVE-2021-32050 | Information Exposure Through Log Files vulnerability in Mongodb products Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. | 7.5 |
2023-08-23 | CVE-2023-1409 | Improper Certificate Validation vulnerability in Mongodb If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. | 7.5 |