Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongodb mongodb vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2017-14227
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote malicious users to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demo...
Mongodb Mongodb 1.7.0
445
VMScore
CVE-2019-2388
In affected Ops Manager versions there is an exposed http route was that may allow malicious users to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1...
Mongodb Ops Manager 4.0.9
Mongodb Ops Manager 4.0.10
Mongodb Ops Manager 4.1.5
828
VMScore
CVE-2016-10572
mongodb-instance prior to 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled bi...
Mongodb-instance Project Mongodb-instance
570
VMScore
CVE-2020-7924
Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Too...
Mongodb Mongomirror
Mongodb Database Tools
187
VMScore
CVE-2016-6494
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
Mongodb Mongodb
Fedoraproject Fedora 25
169
VMScore
CVE-2017-2665
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get...
Mongodb Mongodb -
Redhat Storage Console 2.0
312
VMScore
CVE-2021-20331
Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslCo...
Mongodb C\\# Driver
Mongodb C\\# Driver 2.11.0
187
VMScore
CVE-2021-20332
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpected...
Mongodb Rust Driver
Mongodb Rust Driver 2.0.0
NA
CVE-2023-0436
The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Ple...
Mongodb Atlas Kubernetes Operator
Mongodb Atlas Kubernetes Operator 1.5.0
608
VMScore
CVE-2022-22980
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
Vmware Spring Data Mongodb
Vmware Spring Data Mongodb 3.4.0
11 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »