Server
by MongoDB
Source repositories
CVEs (68)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20804 | 0.00 | — | 0.00 | Nov 23, 2020 | A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13. | |||
| CVE-2020-7926 | 0.00 | — | 0.00 | Nov 23, 2020 | A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions before 4.4 are not affected. | |||
| CVE-2020-7925 | 0.00 | — | 0.02 | Nov 23, 2020 | Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB… | |||
| CVE-2020-7923 | 0.00 | — | 0.00 | Aug 21, 2020 | A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2… | |||
| CVE-2020-7921 | 0.00 | — | 0.00 | May 6, 2020 | Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2… | |||
| CVE-2019-2390 | 0.00 | — | 0.00 | Aug 30, 2019 | An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions… | |||
| CVE-2019-2386 | 0.00 | — | 0.00 | Aug 6, 2019 | After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions… | |||
| CVE-2015-7882 | 0.00 | — | 0.01 | Jul 19, 2019 | Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. |
- CVE-2018-20804Nov 23, 2020risk 0.00cvss —epss 0.00
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13.
- CVE-2020-7926Nov 23, 2020risk 0.00cvss —epss 0.00
A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions before 4.4 are not affected.
- CVE-2020-7925Nov 23, 2020risk 0.00cvss —epss 0.02
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB…
- CVE-2020-7923Aug 21, 2020risk 0.00cvss —epss 0.00
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2…
- CVE-2020-7921May 6, 2020risk 0.00cvss —epss 0.00
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2…
- CVE-2019-2390Aug 30, 2019risk 0.00cvss —epss 0.00
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions…
- CVE-2019-2386Aug 6, 2019risk 0.00cvss —epss 0.00
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions…
- CVE-2015-7882Jul 19, 2019risk 0.00cvss —epss 0.01
Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access.
Page 4 of 4