Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongodb mongodb vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2018-20805
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions before 4.0.5 and MongoDB Server v3.6 versions before 3.6.10.
Mongodb Mongodb
4
CVSSv2
CVE-2018-20802
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions before 3.6.9 and MongoDB Server v4.0 versions before 4.0.3.
Mongodb Mongodb
5
CVSSv2
CVE-2020-7925
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated malicious user to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions before 4.4.0-rc12; MongoD...
Mongodb Mongodb
Mongodb Mongodb 4.4.0
4
CVSSv2
CVE-2020-7926
A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions prior to 4.4 are not affected.
Mongodb Mongodb
7.5
CVSSv2
CVE-2020-26542
An issue exists in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank ...
Percona Percona Server
6.8
CVSSv2
CVE-2020-2268
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and previous versions allows malicious users to gain access to some metadata of any arbitrary files on the Jenkins controller.
Jenkins Mongodb
4
CVSSv2
CVE-2020-2267
A missing permission check in Jenkins MongoDB Plugin 1.3 and previous versions allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.
Jenkins Mongodb
4
CVSSv2
CVE-2020-7923
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions before 4.4.0-rc7; MongoDB Server v4.2 vers...
Mongodb Mongodb
4.3
CVSSv2
CVE-2020-2217
Jenkins Compatibility Action Storage Plugin 1.0 and previous versions does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
Praqma Compatibility Action Storage
5
CVSSv2
CVE-2019-2388
In affected Ops Manager versions there is an exposed http route was that may allow malicious users to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1...
Mongodb Ops Manager 4.0.9
Mongodb Ops Manager 4.0.10
Mongodb Ops Manager 4.1.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »