Vulnerabilities > Mongodb > Mongodb > 3.6.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-04 | CVE-2021-32036 | Allocation of Resources Without Limits or Throttling vulnerability in Mongodb An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. | 7.1 |
2021-07-23 | CVE-2021-20333 | Improper Encoding or Escaping of Output vulnerability in Mongodb Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. | 5.3 |
2021-03-01 | CVE-2020-7929 | Unspecified vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. | 6.5 |
2020-11-24 | CVE-2019-20925 | Incorrect Comparison vulnerability in Mongodb An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. | 7.5 |
2020-11-23 | CVE-2020-7928 | Unspecified vulnerability in Mongodb A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. | 6.5 |
2020-11-23 | CVE-2019-2393 | Use After Free vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. | 6.5 |
2020-11-23 | CVE-2019-2392 | Integer Overflow or Wraparound vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. | 6.5 |
2020-11-23 | CVE-2018-20804 | Improper Input Validation vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. | 6.5 |
2020-05-06 | CVE-2020-7921 | Incorrect Authorization vulnerability in Mongodb Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. | 5.3 |
2019-08-30 | CVE-2019-2390 | Unspecified vulnerability in Mongodb An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. | 7.8 |