Vulnerabilities > Mongodb > Mongodb > 2.6.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-04 | CVE-2021-32036 | Allocation of Resources Without Limits or Throttling vulnerability in Mongodb An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. | 7.1 |
2017-04-14 | CVE-2016-3104 | Resource Exhaustion vulnerability in Mongodb 2.4.0/2.6.0 mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. | 5.0 |
2016-10-03 | CVE-2016-6494 | Information Exposure vulnerability in multiple products The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. | 5.5 |
2015-03-30 | CVE-2015-1609 | Improper Input Validation vulnerability in multiple products MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | 5.0 |
2014-12-25 | CVE-2014-3971 | Improper Input Validation vulnerability in Mongodb 2.6.0/2.6.1 The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. | 5.0 |