Vulnerabilities > Mongodb
| Date | CVE | Summary | Description | Score |
|---|---|---|---|---|
| 2019-08-06 | CVE-2019-2386 | Insufficient Session Expiration vulnerability in Mongodb | After user deletion in MongoDB Server, the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. | 6.0 |
| 2019-07-30 | CVE-2017-18381 | 7PK - Security Features vulnerability in multiple products | The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials. | 6.5 |
| 2019-07-19 | CVE-2015-7882 | Improper Authentication vulnerability in Mongodb 3.0.0/3.0.6 | Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. | 6.8 |
| 2018-09-10 | CVE-2018-16790 | Out-of-bounds Read vulnerability in Mongodb Libbson 1.12.0 | `_bson_iter_next_internal` in `bson-iter.c` in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted BSON buffer. | 5.8 |
| 2018-07-10 | CVE-2018-13863 | Unspecified vulnerability in Mongodb Js-Bson | | 5.0 |
| 2018-07-06 | CVE-2017-2665 | Insufficiently Protected Credentials vulnerability in multiple products | The `skyring-setup` command creates a random password for the MongoDB skyring database but writes the password in plain text to the `/etc/skyring/skyring.conf` file, which is owned by root but can be read by a local user. | 1.9 |
| 2017-11-01 | CVE-2017-15535 | Unspecified vulnerability in Mongodb | MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, `networkMessageCompressors` (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. | 6.4 |
| 2017-09-09 | CVE-2017-14227 | Out-of-bounds Read vulnerability in Mongodb 1.7.0 | In MongoDB libbson 1.7.0, the `bson_iter_codewscope` function in `bson-iter.c` miscalculates a `bson_utf8_validate` length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the `bson_utf8_validate` function in `bson-utf8.c`), as demonstrated by `bson-to-json.c`. | 5.0 |
| 2017-06-06 | CVE-2014-8180 | Improper Authentication vulnerability in Mongodb | MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and to delete information, which can cause a denial of service. | 2.1 |
| 2017-04-14 | CVE-2016-3104 | Resource Exhaustion vulnerability in Mongodb 2.4.0/2.6.0 | mongod in MongoDB 2.4, and in MongoDB 2.6 when using 2.4-style users, allows remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. | 5.0 |