Bitnami package
mongodb
pkg:bitnami/mongodb
Vulnerabilities (85)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-7928 | Med | 6.5 | >= 3.6.0, < 3.6.20 | 3.6.20 | Nov 23, 2020 | A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions pri | |
| CVE-2020-7926 | Med | 6.5 | >= 4.4.0, < 4.4.1 | 4.4.1 | Nov 23, 2020 | A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions before 4.4 are not affected. | |
| CVE-2020-7925 | Hig | 7.5 | >= 4.2.0, < 4.2.9 | 4.2.9 | Nov 23, 2020 | Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Se | |
| CVE-2020-7923 | Med | 6.5 | >= 4.0.0, < 4.0.19 | 4.0.19 | Aug 21, 2020 | A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 version | |
| CVE-2020-7921 | Med | 4.6 | >= 3.6.0, < 3.6.18 | 3.6.18 | May 6, 2020 | Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versio |
- affected >= 3.6.0, < 3.6.20fixed 3.6.20
A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions pri
- affected >= 4.4.0, < 4.4.1fixed 4.4.1
A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions before 4.4 are not affected.
- affected >= 4.2.0, < 4.2.9fixed 4.2.9
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Se
- affected >= 4.0.0, < 4.0.19fixed 4.0.19
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 version
- affected >= 3.6.0, < 3.6.18fixed 3.6.18
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versio
Page 5 of 5