Lucene search
+L

477 matches found

Cvelist
Cvelist
added 2020/11/23 2:50 p.m.26 views

CVE-2020-7925 Denial of Service when processing malformed Role names

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 version...

7.5CVSS7.4AI score0.0166EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2020/11/23 2:50 p.m.45 views

CVE-2020-7925

Removed by vendor...

7.5CVSS7.5AI score0.0166EPSS
Exploits0
CNNVD
CNNVD
added 2020/11/23 12:0 a.m.6 views

MongoDB Server Input Validation Error Vulnerability

MongoDB is a document-oriented database management system from the U.S. company MongoDB. An input validation error vulnerability exists in MongoDB Server. The vulnerability stems from the fact that incorrect validation of user input in the role name parser could result in the use of uninitialized...

7.5CVSS6.8AI score0.0166EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2020/11/23 12:0 a.m.1 views

PT-2020-19851 · Mongodb · Mongodb Server +1

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions 4.4.0 through 4.4.1 Description: A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem...

6.5CVSS6.8AI score0.01391EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2020/11/23 12:0 a.m.2 views

PT-2020-8674 · Mongodb · Mongodb Server +1

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.0.5 MongoDB Server versions prior to 3.6.10 MongoDB Server versions prior to 3.4.19 Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted...

6.5CVSS7.2AI score0.01269EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2020/11/23 12:0 a.m.3 views

PT-2020-19850 · Mongodb · Mongodb Server +1

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.4.0-rc12 MongoDB Server versions prior to 4.2.9 Description: The issue is caused by incorrect validation of user input in the role name parser, which may lead to the use of uninitialized memory. This allows ...

7.5CVSS6.9AI score0.0166EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2020/11/23 12:0 a.m.2 views

PT-2020-19853 · Mongodb +1 · Mongodb Server +2

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.5.1 MongoDB Server versions 4.4 prior to 4.4.1 MongoDB Server versions 4.2 prior to 4.2.9 MongoDB Server versions 4.0 prior to 4.0.20 MongoDB Server versions 3.6 prior to 3.6.20 Description: A user authorize...

7.5CVSS5.9AI score0.01655EPSS
Exploits2References29
Positive Technologies
Positive Technologies
added 2020/11/23 12:0 a.m.2 views

PT-2020-10892 · Mongodb +1 · Mongodb Server +2

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.4.1 MongoDB Server versions prior to 4.2.9 MongoDB Server versions prior to 4.0.20 MongoDB Server versions prior to 3.6.20 Description: A user authorized to perform database queries may trigger denial of...

7.5CVSS6AI score0.01655EPSS
Exploits2References30
Positive Technologies
Positive Technologies
added 2020/11/23 12:0 a.m.4 views

PT-2020-10893 · Mongodb +1 · Mongodb Server +2

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.2.1 MongoDB Server versions prior to 4.0.13 MongoDB Server versions prior to 3.6.15 Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted...

7.5CVSS5.8AI score0.01655EPSS
Exploits2References29
Positive Technologies
Positive Technologies
added 2020/11/23 12:0 a.m.5 views

PT-2020-10879 · Mongodb · Mongodb Server +1

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.2.2 Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. Recommendations: For...

6.5CVSS6.8AI score0.01282EPSS
Exploits0References10
CNNVD
CNNVD
added 2020/11/23 12:0 a.m.10 views

MongoDB 资源管理错误漏洞

Mongodb Server is the United States Mongodb company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A security vulnerability exists in MongoDB Server that originates from the...

6.5CVSS6.7AI score0.01233EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2020/08/21 3:15 p.m.16 views

CVE-2020-7923

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8...

6.5CVSS6.6AI score0.01275EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/08/21 2:25 p.m.26 views

CVE-2020-7923 Specific GeoQuery can cause DoS against MongoDB Server

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8...

6.5CVSS6.2AI score0.01275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/05/21 12:0 a.m.8 views

PT-2020-6164 · Mongodb +1 · Mongodb Server +2

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 3.6.21 MongoDB Server versions prior to 4.0.20 Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries containing a type of regex. This iss...

7.5CVSS5.8AI score0.01655EPSS
Exploits2References31
CNVD
CNVD
added 2020/05/07 12:0 a.m.4 views

MongoDB Server Security Mechanism Bypass Vulnerability

MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A security vulnerability exists in the authorization subsystem in MongoDB...

5.3CVSS6.8AI score0.0066EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/05/06 2:55 p.m.25 views

CVE-2020-7921 Administrative action may disable enforcement of per-user IP whitelisting

Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3...

4.6CVSS5.1AI score0.0066EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2020/05/06 2:55 p.m.23 views

CVE-2020-7921

Removed by vendor...

5.3CVSS5.4AI score0.0066EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/23 2:27 p.m.20 views

Security Bulletin: A Security Vulnerability affects IBM Cloud Private Core Services (CVE-2019-2386)

Summary A Security Vulnerability affects IBM Cloud Private Core Services Vulnerability Details CVEID: CVE-2019-2386 DESCRIPTION: MongoDB Server could allow a remote authenticated attacker to bypass security restrictions, caused by improper session management. By reusing an established session of...

7.1CVSS0.7AI score0.01225EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2019/10/24 1:50 p.m.69 views

CVE-2019-2389

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11;...

5.3CVSS4.8AI score0.00305EPSS
Exploits0References3
CNVD
CNVD
added 2019/09/04 12:0 a.m.3 views

MongoDB Server Input Validation Error Vulnerability

MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . An input validation error vulnerability exists in MongoDB Server. An attacker...

5.3CVSS6.7AI score0.00305EPSS
Exploits0References1
Rows per page
Query Builder