6 matches found
BIT-MONGODB-2021-32036 Denial of Service and Data Integrity vulnerability in features command
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This...
Design/Logic Flaw
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This...
CVE-2021-20330 Specific replication command with malformed oplog entries can crash secondaries
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to...
Code injection
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7...
CVE-2019-20923
Removed by vendor...
CVE-2019-2389
CVE-2019-2389 affects MongoDB Server via incorrect scoping of kill operations in packaged SysV init scripts. The flaw lets users with write access to the PID file influence kills when the root user stops MongoDB, enabling denial-of-service conditions. Affected are MongoDB Server v4.0 prior to 4.0...