Vulnerabilities > Mongodb

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-06-10 | CVE-2021-20329 | Improper Input Validation vulnerability in MongoDB Go Driver | Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. | network, low complexity, mongodb CWE-20, 4.0 |
| 2021-05-13 | CVE-2021-20331 | Information Exposure vulnerability in MongoDB C# Driver 2.11.0/2.12.0/2.12.1 | Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. | network, mongodb CWE-200, 3.5 |
| 2021-04-30 | CVE-2021-20326 | Incorrect Permission Assignment for Critical Resource vulnerability in MongoDB | A user authorized to perform a specific type of find query may trigger a denial of service. | network, low complexity, mongodb CWE-732, 4.0 |
| 2021-04-06 | CVE-2021-20334 | Improper Privilege Management vulnerability in MongoDB Compass | A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. | local, low complexity, mongodb CWE-269, 4.6 |
| 2021-03-01 | CVE-2018-25004 | Improper Input Validation vulnerability in MongoDB | A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. | network, low complexity, mongodb CWE-20, 4.0 |
| 2021-03-01 | CVE-2020-7929 | Unspecified vulnerability in MongoDB | A user authorized to perform database queries may trigger denial of service by issuing a specially crafted query containing a type of regex. | network, low complexity, mongodb, 4.0 |
| 2021-02-25 | CVE-2021-20328 | Improper Certificate Validation vulnerability in multiple products | Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. | 4.3 |
| 2021-02-25 | CVE-2021-20327 | Improper Certificate Validation vulnerability in MongoDB Libmongocrypt 1.2.0 | A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. | 4.3 |
| 2021-02-11 | CVE-2021-20335 | Cleartext Transmission of Sensitive Information vulnerability in MongoDB Ops Manager | For MongoDB Ops Manager <= 4.2.24 with multiple OM application servers that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager <= 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. | low complexity, mongodb CWE-319, 4.1 |
| 2020-11-24 | CVE-2019-20925 | Incorrect Comparison vulnerability in MongoDB | An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. | network, low complexity, mongodb CWE-697, 5.0 |