Lucene search
K

6 matches found

OSV
OSV
added 2024/03/06 10:57 a.m.17 views

BIT-MONGODB-2021-32036 Denial of Service and Data Integrity vulnerability in features command

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This...

7.1CVSS5.9AI score0.01034EPSS
Exploits0References2
Prion
Prion
added 2022/02/04 11:15 p.m.24 views

Design/Logic Flaw

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This...

5.5CVSS6.7AI score0.01034EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/15 12:30 p.m.31 views

CVE-2021-20330 Specific replication command with malformed oplog entries can crash secondaries

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to...

6.5CVSS6.6AI score0.01037EPSS
Exploits0References1
Prion
Prion
added 2020/11/23 4:15 p.m.12 views

Code injection

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7...

4CVSS6.3AI score0.01254EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2020/11/23 3:30 p.m.16 views

CVE-2019-20923

Removed by vendor...

6.5CVSS6.5AI score0.01254EPSS
Exploits0
CVE
CVE
added 2019/08/30 2:41 p.m.126 views

CVE-2019-2389

CVE-2019-2389 affects MongoDB Server via incorrect scoping of kill operations in packaged SysV init scripts. The flaw lets users with write access to the PID file influence kills when the root user stops MongoDB, enabling denial-of-service conditions. Affected are MongoDB Server v4.0 prior to 4.0...

5.3CVSS4.6AI score0.00305EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder