Vulnerabilities > Mongodb > Mongodb > 5.0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-27 | CVE-2024-8207 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mongodb. In certain highly specific configurations of the host system and MongoDB server binary installation on Linux operating systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. | 6.7 |
2024-08-07 | CVE-2024-7553 | Unspecified vulnerability in Mongodb. Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. | 7.8 |
2024-07-01 | CVE-2024-6375 | Missing Authorization vulnerability in Mongodb. A command for refining a collection shard key is missing an authorization check. | 6.5 |
2024-03-07 | CVE-2024-1351 | Improper Certificate Validation vulnerability in multiple products. Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation, which may result in untrusted connections succeeding. | 9.8 |
2023-08-23 | CVE-2023-1409 | Improper Certificate Validation vulnerability in Mongodb. If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. | 7.5 |
2022-04-21 | CVE-2022-24272 | Reachable Assertion vulnerability in Mongodb. An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. | 6.5 |