Vulnerabilities > Mongodb
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-21 | CVE-2020-7923 | Improper Handling of Exceptional Conditions vulnerability in MongoDB: A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. | 6.5 |
2020-05-13 | CVE-2019-2388 | Forced Browsing vulnerability in MongoDB Ops Manager 4.0.10/4.0.9/4.1.5: In affected Ops Manager versions there is an exposed HTTP route that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. | 5.3 |
2020-05-06 | CVE-2020-7921 | Incorrect Authorization vulnerability in MongoDB: Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. | 5.3 |
2020-04-24 | CVE-2020-12135 | Integer Overflow or Wraparound vulnerability in multiple products: bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. | 5.5 |
2020-04-09 | CVE-2020-7922 | Improper Certificate Validation vulnerability in MongoDB Enterprise Kubernetes Operator: X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. | 6.5 |
2020-03-31 | CVE-2019-2391 | Deserialization of Untrusted Data vulnerability in MongoDB Js-Bson: Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. | 5.4 |
2020-03-30 | CVE-2020-7610 | Deserialization of Untrusted Data vulnerability in MongoDB Bson: All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. | 9.8 |
2020-02-20 | CVE-2015-4411 | Resource Exhaustion vulnerability in multiple products: The Moped::BSON::ObjectId.legal? method in mongodb/bson-ruby before 3.0.4, as used in rubygem-moped, allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. | 7.5 |
2019-08-30 | CVE-2019-2390 | Unspecified vulnerability in MongoDB: An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker-defined code as the user running the utility. | 7.8 |
2019-08-30 | CVE-2019-2389 | Improper Input Validation vulnerability in MongoDB: Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. | 4.2 |