Vulnerabilities > Mongodb
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-06 | CVE-2020-7921 | Incorrect Authorization vulnerability in Mongodb Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. | 5.3 |
| 2020-04-24 | CVE-2020-12135 | Integer Overflow or Wraparound vulnerability in multiple products bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. | 4.3 |
| 2020-04-09 | CVE-2020-7922 | Improper Certificate Validation vulnerability in Mongodb Enterprise Kubernetes Operator X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. | 6.5 |
| 2020-03-31 | CVE-2019-2391 | Deserialization of Untrusted Data vulnerability in Mongodb Js-Bson Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. | 5.4 |
| 2020-03-30 | CVE-2020-7610 | Deserialization of Untrusted Data vulnerability in Mongodb Bson All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. | 7.5 |
| 2020-02-20 | CVE-2015-4411 | Resource Exhaustion vulnerability in multiple products The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. | 5.0 |
| 2019-08-30 | CVE-2019-2390 | Unspecified vulnerability in Mongodb An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. | 7.8 |
| 2019-08-30 | CVE-2019-2389 | Improper Input Validation vulnerability in Mongodb Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. | 4.2 |
| 2019-08-06 | CVE-2019-2386 | Insufficient Session Expiration vulnerability in Mongodb After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. | 7.1 |
| 2019-07-19 | CVE-2015-7882 | Improper Authentication vulnerability in Mongodb 3.0.0/3.0.6 Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. | 6.8 |