Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongodb mongodb vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2013-1895
The py-bcrypt module prior to 0.3 for Python does not properly handle concurrent memory access, which allows malicious users to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
Python Py-bcrypt
Fedoraproject Fedora 17
Fedoraproject Fedora 18
1 Github repository
NA
CVE-2024-3372
Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0...
NA
CVE-2024-1351
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been clo...
NA
CVE-2024-3371
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling malicious users to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to ...
9.1
CVSSv3
CVE-2020-4669
IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database....
Ibm Planning Analytics Cloud 2.0.0
Ibm Planning Analytics Local 2.0.0
9.9
CVSSv3
CVE-2023-43651
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI...
Fit2cloud Jumpserver
1 Github repository
NA
CVE-2024-3374
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Serve...
7.3
CVSSv3
CVE-2013-0165
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
Redhat Openshift -
9.8
CVSSv3
CVE-2018-3783
A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.
Flintcms Flintcms
1 Github repository
7.2
CVSSv3
CVE-2017-18381
The installation process in Open edX prior to 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
Edx Edx-platform
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »