Linux Distros Unpatched Vulnerability : CVE-2024-8305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple...

BIT-MONGODB-2024-8305 MongoDB Server secondaries may crash due to forced index constraints

prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 version...

MongoDB DoS Vulnerability (SERVER-92382) - Linux

MongoDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...

UBUNTU-CVE-2024-8305

prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 version...

CVE-2024-8305 MongoDB Server secondaries may crash due to forced index constraints

prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 version...

CVE-2024-8305 MongoDB Server secondaries may crash due to forced index constraints

prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 version...

MongoDB Server secondaries may crash due to forced index constraints

prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 version...

BIT-VAULT-2021-27668

HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3...

CVE-2021-3282

A flaw was found in HashiCorp Vault Enterprise. This flaw allows a remote attacker to bypass security restrictions caused by a vulnerability in the DR secondaries. An attacker can execute the remove-peer raft operator command without authentication by sending a specially-crafted request...

CVE-2021-20330

A denial of service attack was found in MongoDB. An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries...

UBUNTU-CVE-2021-20330

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to...

Authentication flaw

HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3...

HashiCorp Vault 访问控制错误漏洞

Hashicorp HashiCorp Vault is a private key access management tool from the US-based Hashicorp. An Access Control Error vulnerability exists in HashiCorp Vault Enterprise that stems from the product's lack of privilege validation when reading license metadata from DR secondaries. An attacker could...

PT-2021-17594 · Hashicorp · Hashicorp Vault Enterprise

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault Enterprise versions 0.9.2 through 1.6.2 Description: The issue allows the read of license metadata from DR secondaries without authentication. Recommendations: For HashiCorp Vault Enterprise versions 0.9.2 through 1.6.2, updat...

vault -- unauthenticated license read

vault developers report: Limited Unauthenticated License Read: We addressed a security vulnerability that allowed for the unauthenticated reading of Vault licenses from DR Secondaries...

Authentication flaw

HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the remove-peer raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2...

CVE-2021-3282

HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the remove-peer raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2...