Lucene search
K

6 matches found

OSV
OSV
added 2024/03/06 10:57 a.m.16 views

BIT-MONGODB-2021-32036 Denial of Service and Data Integrity vulnerability in features command

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This...

7.1CVSS5.9AI score0.01034EPSS
Exploits0References2
Prion
Prion
added 2022/02/04 11:15 p.m.24 views

Design/Logic Flaw

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This...

5.5CVSS6.7AI score0.01034EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/15 12:30 p.m.28 views

CVE-2021-20330 Specific replication command with malformed oplog entries can crash secondaries

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to...

6.5CVSS6.6AI score0.01037EPSS
Exploits0References1
MongoDB
MongoDB
added 2020/12/01 12:0 a.m.30 views

Invariant in IndexBoundsBuilder

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2...

6.5CVSS6.3AI score0.01282EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2020/11/23 4:15 p.m.26 views

CVE-2019-20924

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2...

6.5CVSS6.6AI score0.01282EPSS
Exploits0References2
Prion
Prion
added 2020/11/23 3:15 p.m.15 views

Input validation

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 version...

5CVSS7.3AI score0.0166EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder