Filtered by vendor Mongodb Subscriptions
Filtered by product Mongodb Subscriptions
Total 51 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-2392 1 Mongodb 1 Mongodb 2024-11-21 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.
CVE-2019-2390 2 Microsoft, Mongodb 2 Windows, Mongodb 2024-11-21 8.2 High
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14 and MongoDB Server v3.4 prior to 3.4.22.
CVE-2019-2389 1 Mongodb 1 Mongodb 2024-11-21 5.3 Medium
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.
CVE-2019-2386 1 Mongodb 1 Mongodb 2024-11-21 7.1 High
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9; MongoDB Server v3.6 versions prior to 3.6.13 and MongoDB Server v3.4 versions prior to 3.4.22. Workaround: After deleting one or more users, restart any nodes which may have had active user authorization sessions. Refrain from creating user accounts with the same name as previously deleted accounts.
CVE-2019-20925 1 Mongodb 1 Mongodb 2024-11-21 7.5 High
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.
CVE-2019-20924 1 Mongodb 1 Mongodb 2024-11-21 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2.
CVE-2019-20923 1 Mongodb 1 Mongodb 2024-11-21 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.
CVE-2018-25004 1 Mongodb 1 Mongodb 2024-11-21 4.9 Medium
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
CVE-2018-20805 1 Mongodb 1 Mongodb 2024-11-21 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10.
CVE-2018-20804 1 Mongodb 1 Mongodb 2024-11-21 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13.
CVE-2018-20803 1 Mongodb 1 Mongodb 2024-11-21 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects MongoDB Server v4.0 versions prior to 4.0.5; MongoDB Server v3.6 versions prior to 3.6.10 and MongoDB Server v3.4 versions prior to 3.4.19.
CVE-2018-20802 1 Mongodb 1 Mongodb 2024-11-21 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3.
CVE-2017-2665 2 Mongodb, Redhat 2 Mongodb, Storage Console 2024-11-21 N/A
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text.
CVE-2017-15535 1 Mongodb 1 Mongodb 2024-11-21 N/A
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.
CVE-2017-14227 1 Mongodb 1 Mongodb 2024-11-21 N/A
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.
CVE-2016-6494 2 Fedoraproject, Mongodb 2 Fedora, Mongodb 2024-11-21 N/A
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
CVE-2016-3104 1 Mongodb 1 Mongodb 2024-11-21 N/A
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.
CVE-2015-7882 1 Mongodb 1 Mongodb 2024-11-21 N/A
Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access.
CVE-2015-1609 3 Fedoraproject, Mongodb, Redhat 4 Fedora, Mongodb, Satellite and 1 more 2024-11-21 N/A
MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.
CVE-2014-8180 2 Mongodb, Redhat 2 Mongodb, Satellite 2024-11-21 N/A
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.