Vulnerabilities > Mongodb > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-23 | CVE-2020-7926 | Improper Handling of Exceptional Conditions vulnerability in Mongodb 4.4.0 A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. | 6.5 |
| 2020-08-21 | CVE-2020-7923 | Improper Handling of Exceptional Conditions vulnerability in Mongodb A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. | 6.5 |
| 2020-05-13 | CVE-2019-2388 | Forced Browsing vulnerability in Mongodb OPS Manager 4.0.10/4.0.9/4.1.5 In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. | 5.3 |
| 2020-05-06 | CVE-2020-7921 | Incorrect Authorization vulnerability in Mongodb Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. | 5.3 |
| 2020-04-24 | CVE-2020-12135 | Integer Overflow or Wraparound vulnerability in multiple products bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. | 5.5 |
| 2020-04-09 | CVE-2020-7922 | Improper Certificate Validation vulnerability in Mongodb Enterprise Kubernetes Operator X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. | 6.5 |
| 2020-03-31 | CVE-2019-2391 | Deserialization of Untrusted Data vulnerability in Mongodb Js-Bson Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. | 5.4 |
| 2019-08-30 | CVE-2019-2389 | Improper Input Validation vulnerability in Mongodb Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. | 4.2 |
| 2017-06-06 | CVE-2014-8180 | Improper Authentication vulnerability in Mongodb MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | 5.5 |
| 2016-10-03 | CVE-2016-6494 | Information Exposure vulnerability in multiple products The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. | 5.5 |