Latest MongoDB Vulnerabilities

If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is p...
MongoDB MongoDB>=4.4.0<4.4.23
MongoDB MongoDB>=5.0.0<=5.0.14
MongoDB MongoDB>=6.0.0<6.0.7
MongoDB MongoDB>=6.3.0<=6.3.2
Apple macOS
Microsoft Windows
An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. Thi...
MongoDB MongoDB>=5.0.0<=5.0.6
Large aggregation pipelines with a specific stage can crash mongod under default configuration
MongoDB MongoDB>=4.2.0<4.2.16
MongoDB MongoDB>=4.4.0<4.4.11
MongoDB MongoDB>=5.0.0<5.0.4
Denial of Service and Data Integrity vulnerability in features command
MongoDB MongoDB>=2.0.0<4.2.18
MongoDB MongoDB>=4.4.0<4.4.10
MongoDB MongoDB>=5.0.0<5.0.4
MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text
Mongodb Mongodb<=0.7.0
Specific replication command with malformed oplog entries can crash secondaries
MongoDB MongoDB>=4.0.0<4.0.25
MongoDB MongoDB>=4.2.0<4.2.14
MongoDB MongoDB>=4.4.0<4.4.6
User may trigger invariant when allowed to send commands directly to shards
MongoDB MongoDB>=5.0.0<=5.0.2
Server log entry spoofing via newline injection
MongoDB MongoDB>=3.6.0<3.6.20
MongoDB MongoDB>=4.0.0<4.0.21
MongoDB MongoDB>=4.2.0<4.2.10
Specially crafted query may result in a denial of service of mongod
MongoDB MongoDB>=4.4.0<4.4.4
Specially crafted regex query can cause DoS
MongoDB MongoDB>=3.6.0<3.6.21
MongoDB MongoDB>=4.0.0<4.0.20
Invariant failure when explaining a find with a UUID
MongoDB MongoDB>=3.6.0<3.6.11
MongoDB MongoDB>=4.0.0<4.0.6
Denial of service via malformed network packet
MongoDB MongoDB>=3.4.0<3.4.24
MongoDB MongoDB>=3.6.0<3.6.15
MongoDB MongoDB>=4.0.0<4.0.13
MongoDB MongoDB>=4.2.0<4.2.1
Crash while joining collections with $lookup
MongoDB MongoDB>=3.6.0<3.6.15
MongoDB MongoDB>=4.0.0<4.0.13
MongoDB MongoDB>=4.2.0<4.2.1
Invariant failure in applyOps
MongoDB MongoDB>=3.6.0<3.6.13
MongoDB MongoDB>=4.0.0<4.0.10
Invariant in IndexBoundsBuilder
MongoDB MongoDB>=4.2.0<4.2.2
Invariant with $elemMatch
MongoDB MongoDB>=3.6.0<3.6.10
MongoDB MongoDB>=4.0.0<4.0.5
$mod can result in undefined behavior
MongoDB MongoDB>=3.6.0<3.6.20
MongoDB MongoDB>=4.0.0<4.0.20
MongoDB MongoDB>=4.2.0<4.2.9
MongoDB MongoDB>=4.4.0<4.4.1
Post-auth queries on compound index may crash mongod
MongoDB MongoDB>=3.6.0<3.6.9
MongoDB MongoDB>=4.0.0<4.0.3
Crash while handling internal Javascript exception types
MongoDB MongoDB>=4.0.0<4.0.7
Specific query can cause a DoS against MongoDB Server
MongoDB MongoDB>=4.4.0<4.4.1
Denial of Service when processing malformed Role names
MongoDB MongoDB>=4.2.0<4.2.9
MongoDB MongoDB=4.4.0-rc1
MongoDB MongoDB=4.4.0-rc10
MongoDB MongoDB=4.4.0-rc11
MongoDB MongoDB=4.4.0-rc2
MongoDB MongoDB=4.4.0-rc3
and 6 more
Improper neutralization of null byte leads to read overrun
MongoDB MongoDB>=3.6.0<3.6.20
MongoDB MongoDB>=4.0.0<4.0.20
MongoDB MongoDB>=4.2.0<4.2.9
MongoDB MongoDB>=4.4.0<4.4.1
MongoDB MongoDB>=4.5.0<4.5.1
Infinite loop in aggregation expression
MongoDB MongoDB>=3.4.0<3.4.19
MongoDB MongoDB>=3.6.0<3.6.10
MongoDB MongoDB>=4.0.0<4.0.5
Specific GeoQuery can cause DoS against MongoDB Server
MongoDB MongoDB>=4.0<4.0.19
MongoDB MongoDB>=4.2<4.2.8
MongoDB MongoDB>=4.4<4.4.0
Administrative action may disable enforcement of per-user IP whitelisting
MongoDB MongoDB>=3.6.0<3.6.18
MongoDB MongoDB>=4.0.0<4.0.15
MongoDB MongoDB>=4.2.0<4.2.3
MongoDB MongoDB>=4.3.0<4.3.3
Process termination via PID file manipulation
MongoDB MongoDB>=3.4.0<3.4.22
MongoDB MongoDB>=3.6.0<3.6.14
MongoDB MongoDB>=4.0.0<4.0.11
Code execution on Windows via OpenSSL engine injection
MongoDB MongoDB>=3.4.0<3.4.22
MongoDB MongoDB>=3.6.0<3.6.14
MongoDB MongoDB>=4.0.0<4.0.11
Microsoft Windows
Authorization session conflation
MongoDB MongoDB>=3.4.0<3.4.22
MongoDB MongoDB>=3.6.0<3.6.13
MongoDB MongoDB>=4.0.0<4.0.9
Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access.
MongoDB MongoDB>=3.0.0<=3.0.6
The skyring-setup command creates a random password for the mongodb skyring database, but it writes the password in plain text to the /etc/skyring/skyring.conf file, which is owned by root but read by local user. Any...
MongoDB MongoDB
Redhat Storage Console=2.0
