Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongodb mongodb vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-20925
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions before 4.2.1; MongoDB Server v4.0 versions before 4.0....
Mongodb Mongodb
9.1
CVSSv3
CVE-2017-15535
MongoDB 3.4.x prior to 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious malicious user to deny service or mo...
Mongodb Mongodb
5.3
CVSSv3
CVE-2020-7921
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 ...
Mongodb Mongodb
6.5
CVSSv3
CVE-2020-7923
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions before 4.4.0-rc7; MongoDB Server v4.2 vers...
Mongodb Mongodb
6.5
CVSSv3
CVE-2020-7926
A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions prior to 4.4 are not affected.
Mongodb Mongodb
6.5
CVSSv3
CVE-2020-7928
A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions before 4.4.1; MongoDB Server v4.2 versions before 4.2.9; MongoDB Server v4.0 versions before ...
Mongodb Mongodb
6.5
CVSSv3
CVE-2020-7929
A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects MongoDB Server v3.6 versions before 3.6.21 and MongoDB Server v4.0 versions before 4.0.20.
Mongodb Mongodb
7.1
CVSSv3
CVE-2021-32036
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field ...
Mongodb Mongodb
5.5
CVSSv3
CVE-2021-32039
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious malicious users to perform unauthorized actions. This vulnerability affects all MongoDB Extens...
Mongodb Mongodb
7.5
CVSSv3
CVE-2021-32040
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash...
Mongodb Mongodb
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »