Lucene search
K

472 matches found

Cvelist
Cvelist
added 2019/08/30 2:41 p.m.26 views

CVE-2019-2389 Process termination via PID file manipulation

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11;...

5.3CVSS4.8AI score0.00305EPSS
Exploits0References1
MongoDB
MongoDB
added 2019/08/30 11:0 a.m.47 views

Code execution on Windows via OpenSSL engine injection

An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue affects: MongoDB Inc. MongoDB Server 4.0 prior to...

8.2CVSS7.6AI score0.01011EPSS
Exploits0References1Affected Software1
Symantec
Symantec
added 2019/08/30 12:0 a.m.69 views

MongoDB Server CVE-2019-2390 Remote Code Execution Vulnerability

Description MongoDB Server is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected IBM...

6.8CVSS0.3AI score0.01011EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2019/08/30 12:0 a.m.6 views

PT-2019-16409 · Mongodb +1 · Mongodb Server +2

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.0.11 MongoDB Server versions prior to 3.6.14 MongoDB Server versions prior to 3.4.22 Description: The issue is related to incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts...

7.5CVSS5.8AI score0.01655EPSS
Exploits2References25
NVD
NVD
added 2019/08/06 7:15 p.m.12 views

CVE-2019-2386

After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9;...

7.1CVSS6.7AI score0.01225EPSS
Exploits1References2
OSV
OSV
added 2019/08/06 7:15 p.m.7 views

UBUNTU-CVE-2019-2386

After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9;...

7.1CVSS5.8AI score0.01225EPSS
Exploits1References5
FreeBSD
FreeBSD
added 2019/08/06 12:0 a.m.30 views

mongodb -- Bump Windows package dependencies

Rich Mirch reports: An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utili...

8.2CVSS4.7AI score0.01011EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/23 12:0 a.m.3 views

MongoDB Server Unauthorized Access Vulnerability

MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A security vulnerability exists in MongoDB Server versions 3.0.0 through 3.0....

8.1CVSS7AI score0.01756EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/07/19 3:44 p.m.28 views

CVE-2015-7882 Authentication bypass when using LDAP authentication in MongoDB Enterprise Server

Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access...

8.1CVSS8.4AI score0.01756EPSS
Exploits1References1
HackRead
HackRead
added 2019/04/25 9:7 p.m.30 views

Ride-hailing app leaks personal data of millions of Iranians

By Ryan De Souza The ride-hailing app database was hosted on an insecure MongoDB server. Another day, another data breach - This time, security researchers have identified a ride-hailing app exposing personal data of 1 to 2 million Iranian drivers, thanks to an insecure MongoDB database. The...

2.7AI score
Exploits0
HackRead
HackRead
added 2019/03/06 5:5 p.m.99 views

Saudi caller ID app Dalil leaked data of over 5 Million users

By Uzair Amir Thanks to yet another unsecure MongoDB Server. Dalil is a Saudi caller ID app that is reportedly been leaking user data because of storing it on an unsecure MongoDB server. Within a week private data of over 5 million Dalil users has been leaked and the data is available online easi...

2.5AI score
Exploits0
Kitploit
Kitploit
added 2017/02/22 2:4 p.m.585 views

mongoaudit - A Powerful MongoDB Auditing and Pentesting Tool

mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. Installing with pip This is the recommended installation method in case you have python and pip . pip install mongoaudit Alternative installer Use this if and only...

8.1CVSS9.6AI score0.44543EPSS
Exploits13References2
Rows per page
Query Builder