Vulnerabilities > Mongodb > Mongodb > 4.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-23 | CVE-2023-1409 | Improper Certificate Validation vulnerability in Mongodb If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. | 7.5 |
| 2022-04-12 | CVE-2021-32040 | Out-of-bounds Write vulnerability in Mongodb It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. | 7.5 |
| 2022-02-04 | CVE-2021-32036 | Allocation of Resources Without Limits or Throttling vulnerability in Mongodb An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. | 7.1 |
| 2021-12-15 | CVE-2021-20330 | Improper Input Validation vulnerability in Mongodb An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. | 6.5 |
| 2021-04-30 | CVE-2021-20326 | Incorrect Permission Assignment for Critical Resource vulnerability in Mongodb A user authorized to performing a specific type of find query may trigger a denial of service. | 6.5 |
| 2020-11-23 | CVE-2020-7928 | Unspecified vulnerability in Mongodb A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. | 6.5 |
| 2020-11-23 | CVE-2019-2392 | Integer Overflow or Wraparound vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. | 6.5 |
| 2020-11-23 | CVE-2020-7926 | Improper Handling of Exceptional Conditions vulnerability in Mongodb 4.4.0 A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. | 6.5 |
| 2020-11-23 | CVE-2020-7925 | Improper Input Validation vulnerability in Mongodb Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. | 7.5 |