VYPR

MongoDB

by MongoDB

CVEs (67)

  • CVE-2024-3374 (May 14, 2024)
    risk 0.00 | cvss | epss 0.00

    An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB…

  • CVE-2024-3372 (May 14, 2024)
    risk 0.00 | cvss | epss 0.01

    Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server…

  • CVE-2015-1609 (Mar 30, 2015)
    risk 0.00 | cvss | epss 0.03

    MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.

  • CVE-2014-3971 (Dec 25, 2014)
    risk 0.00 | cvss | epss 0.01

    The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

  • CVE-2012-6619 (Mar 6, 2014)
    risk 0.00 | cvss | epss 0.04

    The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.

  • CVE-2013-2132 (Aug 15, 2013)
    risk 0.00 | cvss | epss 0.03

    bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

  • CVE-2013-4650 (Jul 4, 2013)
    risk 0.00 | cvss | epss 0.02

    MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.

Page 4 of 4