Vulnerabilities > Mongodb
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-25 | CVE-2021-20328 | Improper Certificate Validation vulnerability in multiple products Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. | 6.8 |
| 2021-02-25 | CVE-2021-20327 | Improper Certificate Validation vulnerability in Mongodb Libmongocrypt 1.2.0 A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. | 6.8 |
| 2021-02-11 | CVE-2021-20335 | Cleartext Transmission of Sensitive Information vulnerability in Mongodb OPS Manager For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. | 4.6 |
| 2020-11-24 | CVE-2019-20925 | Incorrect Comparison vulnerability in Mongodb An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. | 7.5 |
| 2020-11-23 | CVE-2020-7927 | Unspecified vulnerability in Mongodb OPS Manager Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. | 6.5 |
| 2020-11-23 | CVE-2018-20803 | Infinite Loop vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. | 6.5 |
| 2020-11-23 | CVE-2020-7928 | Unspecified vulnerability in Mongodb A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. | 6.5 |
| 2020-11-23 | CVE-2019-2393 | Use After Free vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. | 6.5 |
| 2020-11-23 | CVE-2019-2392 | Integer Overflow or Wraparound vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. | 6.5 |
| 2020-11-23 | CVE-2019-20924 | Improper Check for Unusual or Exceptional Conditions vulnerability in Mongodb 4.2.0/4.2.1 A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. | 6.5 |