IDCVSSSummaryLast (major) updatePublished
CVE-2017-2665 1.9
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyri
06-07-2018 - 09:29 06-07-2018 - 09:29
CVE-2017-15535 6.4
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker
31-10-2017 - 21:29 31-10-2017 - 21:29
CVE-2017-14227 5.0
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function
09-09-2017 - 04:29 09-09-2017 - 04:29
CVE-2014-8180 2.1
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
06-06-2017 - 14:29 06-06-2017 - 14:29
CVE-2016-3104 5.0
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent dat
22-04-2017 - 10:15 14-04-2017 - 14:59
CVE-2015-1609 5.0
MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.
07-12-2016 - 13:09 30-03-2015 - 10:59
CVE-2016-6494 2.1
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
04-10-2016 - 13:36 03-10-2016 - 14:59
CVE-2014-3971 5.0
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509
29-12-2014 - 11:47 25-12-2014 - 06:59
CVE-2012-6619 6.4
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which
06-05-2014 - 23:45 06-03-2014 - 10:55
CVE-2013-1892 6.0
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arb
30-11-2013 - 23:27 01-10-2013 - 16:55
CVE-2013-2132 4.3
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef.
07-10-2013 - 15:35 15-08-2013 - 13:55
CVE-2013-3969 6.5
The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB obj
02-10-2013 - 16:38 01-10-2013 - 16:55
CVE-2013-4650 6.5
MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.
05-07-2013 - 00:00 04-07-2013 - 10:33
Back to Top Mark selected
Back to Top