Vulnerabilities > Mongodb

DATE CVE VULNERABILITY TITLE RISK
2020-08-21 CVE-2020-7923 Improper Handling of Exceptional Conditions vulnerability in Mongodb
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear.
network
low complexity
mongodb CWE-755
6.5
2020-05-13 CVE-2019-2388 Forced Browsing vulnerability in Mongodb OPS Manager 4.0.10/4.0.9/4.1.5
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance.
network
low complexity
mongodb CWE-425
5.3
2020-05-06 CVE-2020-7921 Incorrect Authorization vulnerability in Mongodb
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action.
network
high complexity
mongodb CWE-863
5.3
2020-04-24 CVE-2020-12135 Integer Overflow or Wraparound vulnerability in multiple products
bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values.
local
low complexity
whoopsie-project mongodb CWE-190
5.5
2020-04-09 CVE-2020-7922 Improper Certificate Validation vulnerability in Mongodb Enterprise Kubernetes Operator
X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances.
network
low complexity
mongodb CWE-295
6.5
2020-03-31 CVE-2019-2391 Deserialization of Untrusted Data vulnerability in Mongodb Js-Bson
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON.
network
low complexity
mongodb CWE-502
5.4
2020-03-30 CVE-2020-7610 Deserialization of Untrusted Data vulnerability in Mongodb Bson
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data.
network
low complexity
mongodb CWE-502
critical
9.8
2020-02-20 CVE-2015-4411 Resource Exhaustion vulnerability in multiple products
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string.
network
low complexity
mongodb fedoraproject CWE-400
7.5
2019-08-30 CVE-2019-2390 Unspecified vulnerability in Mongodb
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility.
local
low complexity
mongodb
7.8
2019-08-30 CVE-2019-2389 Improper Input Validation vulnerability in Mongodb
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init.
local
low complexity
mongodb CWE-20
4.2