Vulnerabilities > Mongodb > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-06 | CVE-2020-7921 | Incorrect Authorization vulnerability in Mongodb Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. | 5.3 |
2020-04-24 | CVE-2020-12135 | Integer Overflow or Wraparound vulnerability in multiple products bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. | 4.3 |
2020-04-09 | CVE-2020-7922 | Improper Certificate Validation vulnerability in Mongodb Enterprise Kubernetes Operator X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. | 6.5 |
2020-03-31 | CVE-2019-2391 | Deserialization of Untrusted Data vulnerability in Mongodb Js-Bson Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. | 5.4 |
2020-02-20 | CVE-2015-4411 | Resource Exhaustion vulnerability in multiple products The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. | 5.0 |
2019-08-30 | CVE-2019-2389 | Improper Input Validation vulnerability in Mongodb Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. | 4.2 |
2019-07-19 | CVE-2015-7882 | Improper Authentication vulnerability in Mongodb 3.0.0/3.0.6 Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. | 6.8 |
2018-09-10 | CVE-2018-16790 | Out-of-bounds Read vulnerability in Mongodb Libbson 1.12.0 _bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer. | 5.8 |
2018-07-10 | CVE-2018-13863 | Unspecified vulnerability in Mongodb Js-Bson The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. | 5.0 |
2017-11-01 | CVE-2017-15535 | Unspecified vulnerability in Mongodb MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. | 6.4 |