Vulnerabilities > Mongodb > Mongodb > 3.4.4

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2021-32036 Allocation of Resources Without Limits or Throttling vulnerability in Mongodb
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command, which at high volume may lead to resource depletion or generate high lock contention.
network
low complexity
mongodb CWE-770
7.1
2020-11-24 CVE-2019-20925 Incorrect Comparison vulnerability in Mongodb
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory.
network
low complexity
mongodb CWE-697
7.5
2020-11-23 CVE-2018-20803 Infinite Loop vulnerability in Mongodb
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks.
network
low complexity
mongodb CWE-835
6.5
2019-08-30 CVE-2019-2390 Unspecified vulnerability in Mongodb
An unprivileged user or program on Microsoft Windows that can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker-defined code as the user running the utility.
local
low complexity
mongodb
7.8
2019-08-30 CVE-2019-2389 Improper Input Validation vulnerability in Mongodb
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init.
local
low complexity
mongodb CWE-20
4.2
2019-08-06 CVE-2019-2386 Insufficient Session Expiration vulnerability in Mongodb
After user deletion in MongoDB Server, the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones.
network
high complexity
mongodb CWE-613
7.1
2017-11-01 CVE-2017-15535 Unspecified vulnerability in Mongodb
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.
network
low complexity
mongodb
6.4