Vulnerabilities > Mongodb > Mongodb > 3.6.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-30 | CVE-2019-2390 | Unspecified vulnerability in Mongodb An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. | 7.8 |
| 2019-08-30 | CVE-2019-2389 | Improper Input Validation vulnerability in Mongodb Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. | 4.2 |
| 2019-08-06 | CVE-2019-2386 | Insufficient Session Expiration vulnerability in Mongodb After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. | 7.1 |