Vulnerabilities > Mongodb > Mongodb > 5.0.4

DATE CVE VULNERABILITY TITLE RISK
2024-08-27 CVE-2024-8207 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mongodb
In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process.
local
low complexity
mongodb CWE-610
6.7
2024-08-07 CVE-2024-7553 Unspecified vulnerability in Mongodb
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows.
local
low complexity
mongodb
7.8
2024-07-01 CVE-2024-6375 Missing Authorization vulnerability in Mongodb
A command for refining a collection shard key is missing an authorization check.
network
low complexity
mongodb CWE-862
6.5
2024-03-07 CVE-2024-1351 Improper Certificate Validation vulnerability in multiple products
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation, which may allow untrusted connections to succeed.
network
low complexity
mongodb netapp CWE-295
critical
9.8
2023-08-23 CVE-2023-1409 Improper Certificate Validation vulnerability in Mongodb
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g.
network
low complexity
mongodb CWE-295
7.5
2022-04-21 CVE-2022-24272 Reachable Assertion vulnerability in Mongodb
An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database.
network
low complexity
mongodb CWE-617
6.5