2 matches found
MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod
The version of the remote MongoDB server is 2.6.x prior to 2.6.9, is 3.0.x 3.0.14 or is 3.2.x 3.2.8. It is, therefore, affected by multiple vulnerabilities. - A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local...
CVE-2014-3971
CVE-2014-3971 affects MongoDB 2.6.x before 2.6.2. The vulnerability is in CmdAuthenticate::_authenticateX509 (authentication_commands.cpp) within mongod, where an unauthenticated remote attacker can trigger a denial of service (daemon crash) by presenting an invalid X.509 client certificate. Conn...