Lucene search
K

23 matches found

OSV
OSV
added 2026/05/14 8:50 a.m.1 views

BIT-MONGODB-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

8.8CVSS5.8AI score0.00032EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 6:30 p.m.6 views

EUVD-2026-29892

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

8.8CVSS5.8AI score0.00032EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:17 a.m.6 views

CVE-2026-8201

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

8.8CVSS0.00032EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 12:12 a.m.2 views

CVE-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

6.4CVSS5.8AI score0.00032EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.6 views

MongoDB Server 资源管理错误漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, Inc. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Versions of MongoDB Server prior to 7.0.34, 8.0.23, 8.2.9, and 8.3.2 contain a resource...

8.8CVSS5.8AI score0.00032EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-20328

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server's...

6.8CVSS6.7AI score0.00129EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/24 10:28 p.m.22 views

Improper Certificate Validation in MongoDB

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS2.1AI score0.00129EPSS
Exploits0References3Affected Software4
RedHat Linux
RedHat Linux
added 2021/12/02 4:17 p.m.1 views

mongo-java-driver: client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS5.8AI score0.00129EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/11/23 10:34 a.m.1 views

mongo-java-driver: client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS5.8AI score0.00129EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/16 11:57 a.m.2 views

mongo-java-driver: client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS5.8AI score0.00129EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/03/02 7:3 p.m.20 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS6.5AI score0.00129EPSS
Exploits0References3
NVD
NVD
added 2021/02/25 5:15 p.m.18 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS0.00129EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/02/25 5:15 p.m.27 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS6.8AI score0.00129EPSS
Exploits0References2
OSV
OSV
added 2021/02/25 5:15 p.m.0 views

UBUNTU-CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS6.8AI score0.00129EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2021/02/25 4:30 p.m.18 views

CVE-2021-20328 MongoDB Java driver client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.4CVSS6.5AI score0.00129EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/02/25 4:30 p.m.18 views

CVE-2021-20328 MongoDB Java driver client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.4CVSS6.8AI score0.00129EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2021/02/25 4:30 p.m.27 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS6.6AI score0.00129EPSS
Exploits0
CVE
CVE
added 2021/02/25 4:30 p.m.131 views

CVE-2021-20328

CVE-2021-20328 affects specific versions of the MongoDB Java driver that support Field Level Encryption (CSFLE). The root cause is improper host name verification on the KMS server’s certificate, enabling a privileged MITM attacker to intercept traffic between the Java driver and the KMS service ...

6.8CVSS6.4AI score0.00129EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2021/02/25 12:0 a.m.60 views

MongoDB Node.js client side field level encryption library may not be validating KMS certificate

A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...

6.8CVSS6.2AI score0.00125EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/02/25 12:0 a.m.2 views

PT-2021-13887 · Unknown · Java Driver

Name of the Vulnerable Software and Affected Versions: Java driver versions that support client-side field level encryption CSFLE Description: The issue arises from the Java driver's failure to perform correct host name verification on the KMS server's certificate, which, in combination with a...

6.8CVSS7.5AI score0.00129EPSS
Exploits0References10
Rows per page
Query Builder