Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongodb mongodb vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2019-2386
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versi...
Mongodb Mongodb
1.9
CVSSv2
CVE-2019-2389
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions...
Mongodb Mongodb
6.8
CVSSv2
CVE-2019-2390
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions befo...
Mongodb Mongodb
4
CVSSv2
CVE-2019-2392
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions before 4.4.1; v4.2 versions before 4.2.9; v4.0 ...
Mongodb Mongodb
4
CVSSv2
CVE-2019-2393
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions before 4.2.1; MongoDB Server v4.0 versions before 4.0.13 and MongoDB Server v3.6 ver...
Mongodb Mongodb
NA
CVE-2023-1409
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially all...
Mongodb Mongodb
2.1
CVSSv2
CVE-2014-8180
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
Mongodb Mongodb
4
CVSSv2
CVE-2018-25004
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions before 4.0.6 and MongoDB Server v3.6 versions before 3.6.11.
Mongodb Mongodb
4
CVSSv2
CVE-2021-32037
An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to l...
Mongodb Mongodb
4
CVSSv2
CVE-2021-20326
A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions before 4.4.4.
Mongodb Mongodb
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »