Vulnerabilities > Mongodb > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-06 | CVE-2021-20334 | Improper Privilege Management vulnerability in Mongodb Compass A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. | 7.8 |
| 2020-11-24 | CVE-2019-20925 | Incorrect Comparison vulnerability in Mongodb An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. | 7.5 |
| 2020-11-23 | CVE-2020-7925 | Improper Input Validation vulnerability in Mongodb Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. | 7.5 |
| 2020-02-20 | CVE-2015-4411 | Resource Exhaustion vulnerability in multiple products The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. | 7.5 |
| 2019-08-30 | CVE-2019-2390 | Unspecified vulnerability in Mongodb An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. | 7.8 |
| 2019-08-06 | CVE-2019-2386 | Insufficient Session Expiration vulnerability in Mongodb After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. | 7.1 |
| 2019-07-19 | CVE-2015-7882 | Improper Authentication vulnerability in Mongodb 3.0.0/3.0.6 Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. | 8.1 |
| 2018-09-10 | CVE-2018-16790 | Out-of-bounds Read vulnerability in Mongodb Libbson 1.12.0 _bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer. | 8.1 |
| 2018-07-10 | CVE-2018-13863 | Unspecified vulnerability in Mongodb Js-Bson The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. | 7.5 |
| 2018-07-06 | CVE-2017-2665 | Insufficiently Protected Credentials vulnerability in multiple products The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. | 7.0 |