Vulnerabilities > Mongodb

DATE CVE VULNERABILITY TITLE RISK
2019-08-06 CVE-2019-2386 Insufficient Session Expiration vulnerability in Mongodb
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones.
network
mongodb CWE-613
6.0
2019-07-30 CVE-2017-18381 7PK - Security Features vulnerability in multiple products
The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
network
low complexity
edx mongodb CWE-254
6.5
2019-07-19 CVE-2015-7882 Improper Authentication vulnerability in Mongodb 3.0.0/3.0.6
Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access.
network
mongodb CWE-287
6.8
2018-09-10 CVE-2018-16790 Out-of-bounds Read vulnerability in Mongodb Libbson 1.12.0
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.
network
mongodb CWE-125
5.8
2018-07-10 CVE-2018-13863 Unspecified vulnerability in Mongodb Js-Bson
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js.
network
low complexity
mongodb
5.0
2018-07-06 CVE-2017-2665 Insufficiently Protected Credentials vulnerability in multiple products
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user.
1.9
2017-11-01 CVE-2017-15535 Unspecified vulnerability in Mongodb
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.
network
low complexity
mongodb
6.4
2017-09-09 CVE-2017-14227 Out-of-bounds Read vulnerability in Mongodb 1.7.0
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.
network
low complexity
mongodb CWE-125
5.0
2017-06-06 CVE-2014-8180 Improper Authentication vulnerability in Mongodb
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
local
low complexity
mongodb redhat CWE-287
2.1
2017-04-14 CVE-2016-3104 Resource Exhaustion vulnerability in Mongodb 2.4.0/2.6.0
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.
network
low complexity
mongodb CWE-400
5.0