Vulnerabilities > Mongodb
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-20 | CVE-2021-32039 | Insufficiently Protected Credentials vulnerability in Mongodb Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. | 5.5 |
| 2021-12-15 | CVE-2021-20330 | Improper Input Validation vulnerability in Mongodb An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. | 6.5 |
| 2021-11-24 | CVE-2021-32037 | Reachable Assertion vulnerability in Mongodb 5.0.0/5.0.1/5.0.2 An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. | 6.5 |
| 2021-08-02 | CVE-2021-20332 | Unspecified vulnerability in Mongodb Rust Driver Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. | 4.4 |
| 2021-07-23 | CVE-2021-20333 | Improper Encoding or Escaping of Output vulnerability in Mongodb Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. | 5.3 |
| 2021-06-10 | CVE-2021-20329 | Improper Input Validation vulnerability in Mongodb GO Driver Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. | 6.5 |
| 2021-05-13 | CVE-2021-20331 | Information Exposure vulnerability in Mongodb C# Driver 2.11.0/2.12.0/2.12.1 Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. | 4.9 |
| 2021-04-30 | CVE-2021-20326 | Incorrect Permission Assignment for Critical Resource vulnerability in Mongodb A user authorized to performing a specific type of find query may trigger a denial of service. | 6.5 |
| 2021-04-12 | CVE-2020-7924 | Improper Certificate Validation vulnerability in Mongodb Database Tools and Mongomirror Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. | 6.5 |
| 2021-04-06 | CVE-2021-20334 | Improper Privilege Management vulnerability in Mongodb Compass A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. | 4.6 |