Vulnerabilities > Mongodb > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-23 | CVE-2019-2393 | Use After Free vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. | 6.5 |
| 2020-11-23 | CVE-2019-2392 | Integer Overflow or Wraparound vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. | 6.5 |
| 2020-11-23 | CVE-2019-20924 | Improper Check for Unusual or Exceptional Conditions vulnerability in Mongodb 4.2.0/4.2.1 A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. | 6.5 |
| 2020-11-23 | CVE-2019-20923 | Unspecified vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. | 6.5 |
| 2020-11-23 | CVE-2018-20805 | Excessive Iteration vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . | 6.5 |
| 2020-11-23 | CVE-2018-20804 | Improper Input Validation vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. | 6.5 |
| 2020-11-23 | CVE-2018-20802 | Unspecified vulnerability in Mongodb A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. | 6.5 |
| 2020-11-23 | CVE-2020-7926 | Improper Handling of Exceptional Conditions vulnerability in Mongodb 4.4.0 A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. | 6.5 |
| 2020-08-21 | CVE-2020-7923 | Improper Handling of Exceptional Conditions vulnerability in Mongodb A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. | 6.5 |
| 2020-05-13 | CVE-2019-2388 | Forced Browsing vulnerability in Mongodb OPS Manager 4.0.10/4.0.9/4.1.5 In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. | 5.3 |