8 matches found

added 2024/08/13 3:15 p.m., 272 views

CVE-2024-6384

"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions...

CVSS 5.3, AI score 5.2, EPSS 0.00106

added 2021/07/23 12:15 p.m., 107 views

CVE-2021-20333

Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or in log entries being split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21 and MongoDB Server v4.2 versions prior to 4.2.10.

CVSS 5.3, AI score 5.2, EPSS 0.00353

added 2019/08/30 3:15 p.m., 103 views

CVE-2019-2389

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoD...

CVSS 5.3, AI score 4.6, EPSS 0.00113

added 2020/05/06 3:15 p.m., 81 views

CVE-2020-7921

Improper serialization of internal state in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; ...

CVSS 5.3, AI score 5.1, EPSS 0.00109

added 2016/10/03 6:59 p.m., 78 views

CVE-2016-6494

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

CVSS 5.5, AI score 4.9, EPSS 0.0008

added 2015/03/30 2:59 p.m., 67 views

CVE-2015-1609

MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.

CVSS 5, AI score 7.4, EPSS 0.01347

added 2022/01/20 3:15 p.m., 52 views

CVE-2021-32039

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including...

CVSS 5.5, AI score 5.3, EPSS 0.00136

added 2017/06/06 6:29 p.m., 34 views

CVE-2014-8180

MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.

CVSS 5.5, AI score 5.5, EPSS 0.00039