Vulnerabilities > Mongodb > Mongodb
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-23 | CVE-2023-1409 | Improper Certificate Validation vulnerability in Mongodb If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. | 7.5 |
2022-04-21 | CVE-2022-24272 | Reachable Assertion vulnerability in Mongodb An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. | 4.0 |
2022-04-12 | CVE-2021-32040 | Out-of-bounds Write vulnerability in Mongodb It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. | 7.5 |
2022-02-04 | CVE-2021-32036 | Allocation of Resources Without Limits or Throttling vulnerability in Mongodb An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. | 7.1 |
2022-01-20 | CVE-2021-32039 | Insufficiently Protected Credentials vulnerability in Mongodb Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. | 5.5 |
2021-12-15 | CVE-2021-20330 | Improper Input Validation vulnerability in Mongodb An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. | 6.5 |
2021-11-24 | CVE-2021-32037 | Reachable Assertion vulnerability in Mongodb 5.0.0/5.0.1/5.0.2 An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. | 6.5 |
2021-07-23 | CVE-2021-20333 | Improper Encoding or Escaping of Output vulnerability in Mongodb Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. | 5.3 |
2021-04-30 | CVE-2021-20326 | Incorrect Permission Assignment for Critical Resource vulnerability in Mongodb A user authorized to performing a specific type of find query may trigger a denial of service. | 6.5 |
2021-03-01 | CVE-2018-25004 | Improper Input Validation vulnerability in Mongodb A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. | 4.9 |