477 matches found
CVE-2020-7925 Denial of Service when processing malformed Role names
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 version...
CVE-2020-7925
Removed by vendor...
MongoDB Server Input Validation Error Vulnerability
MongoDB is a document-oriented database management system from the U.S. company MongoDB. An input validation error vulnerability exists in MongoDB Server. The vulnerability stems from the fact that incorrect validation of user input in the role name parser could result in the use of uninitialized...
PT-2020-19851 · Mongodb · Mongodb Server +1
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions 4.4.0 through 4.4.1 Description: A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem...
PT-2020-8674 · Mongodb · Mongodb Server +1
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.0.5 MongoDB Server versions prior to 3.6.10 MongoDB Server versions prior to 3.4.19 Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted...
PT-2020-19850 · Mongodb · Mongodb Server +1
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.4.0-rc12 MongoDB Server versions prior to 4.2.9 Description: The issue is caused by incorrect validation of user input in the role name parser, which may lead to the use of uninitialized memory. This allows ...
PT-2020-19853 · Mongodb +1 · Mongodb Server +2
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.5.1 MongoDB Server versions 4.4 prior to 4.4.1 MongoDB Server versions 4.2 prior to 4.2.9 MongoDB Server versions 4.0 prior to 4.0.20 MongoDB Server versions 3.6 prior to 3.6.20 Description: A user authorize...
PT-2020-10892 · Mongodb +1 · Mongodb Server +2
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.4.1 MongoDB Server versions prior to 4.2.9 MongoDB Server versions prior to 4.0.20 MongoDB Server versions prior to 3.6.20 Description: A user authorized to perform database queries may trigger denial of...
PT-2020-10893 · Mongodb +1 · Mongodb Server +2
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.2.1 MongoDB Server versions prior to 4.0.13 MongoDB Server versions prior to 3.6.15 Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted...
PT-2020-10879 · Mongodb · Mongodb Server +1
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.2.2 Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. Recommendations: For...
MongoDB 资源管理错误漏洞
Mongodb Server is the United States Mongodb company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A security vulnerability exists in MongoDB Server that originates from the...
CVE-2020-7923
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8...
CVE-2020-7923 Specific GeoQuery can cause DoS against MongoDB Server
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8...
PT-2020-6164 · Mongodb +1 · Mongodb Server +2
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 3.6.21 MongoDB Server versions prior to 4.0.20 Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries containing a type of regex. This iss...
MongoDB Server Security Mechanism Bypass Vulnerability
MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A security vulnerability exists in the authorization subsystem in MongoDB...
CVE-2020-7921 Administrative action may disable enforcement of per-user IP whitelisting
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3...
CVE-2020-7921
Removed by vendor...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Core Services (CVE-2019-2386)
Summary A Security Vulnerability affects IBM Cloud Private Core Services Vulnerability Details CVEID: CVE-2019-2386 DESCRIPTION: MongoDB Server could allow a remote authenticated attacker to bypass security restrictions, caused by improper session management. By reusing an established session of...
CVE-2019-2389
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11;...
MongoDB Server Input Validation Error Vulnerability
MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . An input validation error vulnerability exists in MongoDB Server. An attacker...