Vulnerabilities > Mongodb > Mongodb > 4.0.2

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2021-32036 Allocation of Resources Without Limits or Throttling vulnerability in Mongodb
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command, which at high volume may lead to resource depletion or generate high lock contention.
network
low complexity
mongodb CWE-770
7.1
2021-12-15 CVE-2021-20330 Improper Input Validation vulnerability in Mongodb
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries.
network
low complexity
mongodb CWE-20
6.5
2021-07-23 CVE-2021-20333 Improper Encoding or Escaping of Output vulnerability in Mongodb
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or in log entries being split.
network
low complexity
mongodb CWE-116
5.3
2021-03-01 CVE-2018-25004 Improper Input Validation vulnerability in Mongodb
A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query.
network
low complexity
mongodb CWE-20
4.9
2021-03-01 CVE-2020-7929 Unspecified vulnerability in Mongodb
A user authorized to perform database queries may trigger denial of service by issuing a specially crafted query that contains a type of regex.
network
low complexity
mongodb
6.5
2020-11-24 CVE-2019-20925 Incorrect Comparison vulnerability in Mongodb
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory.
network
low complexity
mongodb CWE-697
7.5
2020-11-23 CVE-2018-20803 Infinite Loop vulnerability in Mongodb
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks.
network
low complexity
mongodb CWE-835
6.5
2020-11-23 CVE-2020-7928 Unspecified vulnerability in Mongodb
A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries.
network
low complexity
mongodb
6.5
2020-11-23 CVE-2019-2393 Use After Free vulnerability in Mongodb
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations.
network
low complexity
mongodb CWE-416
6.5
2020-11-23 CVE-2019-2392 Integer Overflow or Wraparound vulnerability in Mongodb
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values.
network
low complexity
mongodb CWE-190
6.5