Vulnerabilities > Mongodb

DATE CVE VULNERABILITY TITLE RISK
2023-08-29 CVE-2021-32050 Information Exposure Through Log Files vulnerability in MongoDB products
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application.
network
low complexity
mongodb CWE-532
7.5
2023-08-23 CVE-2023-1409 Improper Certificate Validation vulnerability in MongoDB
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely on other platforms (e.g.
network
low complexity
mongodb CWE-295
7.5
2023-08-08 CVE-2023-4009 Improper Privilege Management vulnerability in MongoDB Ops Manager Server
In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17, it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner, resulting in privilege escalation.
network
low complexity
mongodb CWE-269
7.2
2023-06-09 CVE-2023-0342 Unspecified vulnerability in MongoDB Ops Manager Server
MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings.
network
low complexity
mongodb
5.3
2023-02-21 CVE-2022-48282 Deserialization of Untrusted Data vulnerability in MongoDB C# Driver
Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services.
network
low complexity
mongodb CWE-502
7.2
2022-04-21 CVE-2022-24272 Reachable Assertion vulnerability in MongoDB
An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database.
network
low complexity
mongodb CWE-617
6.5
2022-04-12 CVE-2021-32040 Out-of-bounds Write vulnerability in MongoDB
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage.
network
low complexity
mongodb CWE-787
7.5
2022-02-04 CVE-2021-32036 Allocation of Resources Without Limits or Throttling vulnerability in MongoDB
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command, which at a high volume may lead to resource depletion or generate high lock contention.
network
low complexity
mongodb CWE-770
7.1
2022-01-20 CVE-2021-32039 Insufficiently Protected Credentials vulnerability in MongoDB
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file.
local
low complexity
mongodb CWE-522
5.5
2021-12-15 CVE-2021-20330 Improper Input Validation vulnerability in MongoDB
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries.
network
low complexity
mongodb CWE-20
6.5