Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mongodb Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 62 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-14227 1 Mongodb 1 Mongodb 2019-10-03 5.0 MEDIUM 7.5 HIGH
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.
CVE-2013-2132 3 Canonical, Mongodb, Opensuse 3 Ubuntu Linux, Mongodb, Opensuse 2018-10-30 4.3 MEDIUM N/A
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
CVE-2016-6494 2 Fedoraproject, Mongodb 2 Fedora, Mongodb 2017-11-28 2.1 LOW 5.5 MEDIUM
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
CVE-2017-15535 1 Mongodb 1 Mongodb 2017-11-22 6.4 MEDIUM 9.1 CRITICAL
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.
CVE-2015-1609 2 Fedoraproject, Mongodb 2 Fedora, Mongodb 2017-07-01 5.0 MEDIUM N/A
MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.
CVE-2014-8180 2 Mongodb, Redhat 2 Mongodb, Satellite 2017-06-14 2.1 LOW 5.5 MEDIUM
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
CVE-2016-3104 1 Mongodb 1 Mongodb 2017-04-22 5.0 MEDIUM 7.5 HIGH
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.
CVE-2014-3971 1 Mongodb 1 Mongodb 2014-12-29 5.0 MEDIUM N/A
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.
CVE-2012-6619 1 Mongodb 1 Mongodb 2014-05-07 6.4 MEDIUM N/A
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
CVE-2013-1892 2 Mongodb, Redhat 2 Mongodb, Enterprise Mrg 2013-12-01 6.0 MEDIUM N/A
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
CVE-2013-3969 1 Mongodb 1 Mongodb 2013-10-02 6.5 MEDIUM N/A
The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
CVE-2013-4650 1 Mongodb 1 Mongodb 2013-07-05 6.5 MEDIUM N/A
MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.