Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongodb vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2018-16790
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.
Mongodb Libbson 1.12.0
6.5
CVSSv3
CVE-2020-7927
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and i...
Mongodb Ops Manager
7.5
CVSSv3
CVE-2018-13863
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x prior to 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long u...
Mongodb Js-bson
5.3
CVSSv3
CVE-2023-0342
MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 before 5.0.21 and MongoDB Ops Manager v6.0 before 6.0.12
Mongodb Ops Manager Server
7.2
CVSSv3
CVE-2023-4009
In MongoDB Ops Manager v5.0 before 5.0.22 and v6.0 before 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.
Mongodb Ops Manager Server
5.5
CVSSv3
CVE-2020-12135
bson prior to 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.
Whoopsie Project Whoopsie
Mongodb C Driver
1 Github repository
6.8
CVSSv3
CVE-2021-20328
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result ...
Mongodb Java Driver
Quarkus Quarkus
Quarkus Quarkus 1.13.3
7.5
CVSSv3
CVE-2015-4411
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby prior to 3.0.4 as used in rubygem-moped allows remote malicious users to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.
Mongodb Bson
Fedoraproject Fedora 21
Fedoraproject Fedora 22
NA
CVE-2013-4142
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3969. Reason: This candidate is a duplicate of CVE-2013-3969. Notes: All CVE users should reference CVE-2013-3969 instead of this candidate. All references and descriptions in this candidate have been removed...
7.5
CVSSv3
CVE-2020-1929
The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification. However this configuration is not respected and the certificate verification disables trust verification in every case. This exclusion also gets registered globally whi...
Apache Beam
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »