Vulnerabilities > Mongodb > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-21 | CVE-2024-8305 | Unspecified vulnerability in Mongodb: prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries; in extreme cases this may cause multiple secondaries to crash, leaving no primaries. | 6.5 |
2024-08-27 | CVE-2024-8207 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mongodb: In certain highly specific configurations of the host system and MongoDB server binary installation on Linux operating systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. | 6.7 |
2024-08-13 | CVE-2024-6384 | Unspecified vulnerability in Mongodb: "Hot" backup files may be downloaded by underprivileged users if they are capable of acquiring a unique backup identifier. | 5.3 |
2024-07-01 | CVE-2024-6375 | Missing Authorization vulnerability in Mongodb: A command for refining a collection shard key is missing an authorization check. | 6.5 |
2023-06-09 | CVE-2023-0342 | Unspecified vulnerability in Mongodb OPS Manager Server: MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. | 5.3 |
2022-04-21 | CVE-2022-24272 | Reachable Assertion vulnerability in Mongodb: An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. | 6.5 |
2022-01-20 | CVE-2021-32039 | Insufficiently Protected Credentials vulnerability in Mongodb: Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. | 5.5 |
2021-12-15 | CVE-2021-20330 | Improper Input Validation vulnerability in Mongodb: An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. | 6.5 |
2021-11-24 | CVE-2021-32037 | Reachable Assertion vulnerability in Mongodb 5.0.0/5.0.1/5.0.2: An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. | 6.5 |
2021-08-02 | CVE-2021-20332 | Unspecified vulnerability in Mongodb Rust Driver: Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. | 4.4 |