MongoDB Inc MongoDB Server vulnerabilities

74 known vulnerabilities affecting mongodb_inc/mongodb_server.

Total CVEs: 74
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 31, MEDIUM 37, LOW 3

Vulnerabilities

Page 4 of 4

CVE-2020-7928 | MEDIUM | CVSS 6.5 | ≥ 4.4, < 4.4.1; ≥ 4.2, < 4.2.9; +2 more | 2020-11-23
CWE-158: A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions prior to 4.0.20 and MongoDB Server v3.6 versions prior to 3.6.20.
Sources: cvelistv5, nvd

CVE-2019-20923 | MEDIUM | CVSS 6.5 | ≥ 4.0, < 4.0.7 | 2020-11-23
CWE-749: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled JavaScript exceptions containing types intended to be scoped to the JavaScript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.
Sources: cvelistv5, nvd

CVE-2019-2393 | MEDIUM | CVSS 6.5 | ≥ 3.6, < 3.6.15; ≥ 4.0, < 4.0.13; +1 more | 2020-11-23
CWE-416: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13 and MongoDB Server v3.6 versions prior to 3.6.15.
Sources: cvelistv5, nvd

CVE-2018-20805 | MEDIUM | CVSS 6.5 | ≥ 3.6, < 3.6.10; ≥ 4.0, < 4.0.5 | 2020-11-23
CWE-834: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch. This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10.
Sources: cvelistv5, nvd

CVE-2018-20803 | MEDIUM | CVSS 6.5 | ≥ 4.0, < 4.0.5; ≥ 3.6, < 3.6.10; +1 more | 2020-11-23
CWE-835: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects MongoDB Server v4.0 versions prior to 4.0.5; MongoDB Server v3.6 versions prior to 3.6.10 and MongoDB Server v3.4 versions prior to 3.4.19.
Sources: cvelistv5, nvd

CVE-2019-20924 | MEDIUM | CVSS 6.5 | ≥ 4.2, < 4.2.2 | 2020-11-23
CWE-394: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2.
Sources: cvelistv5, nvd

CVE-2019-2392 | MEDIUM | CVSS 6.5 | ≥ 3.6, < 3.6.20; ≥ 4.0, < 4.0.20; +2 more | 2020-11-23
CWE-190: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.
Sources: cvelistv5, nvd

CVE-2018-20804 | MEDIUM | CVSS 6.5 | ≥ 3.6, < 3.6.13; ≥ 4.0, < 4.0.10 | 2020-11-23
CWE-20: A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13.
Sources: cvelistv5, nvd

CVE-2018-20802 | MEDIUM | CVSS 6.5 | ≥ 3.6, < 3.6.9; ≥ 4.0, < 4.0.3 | 2020-11-23
CWE-394: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3.
Sources: cvelistv5, nvd

CVE-2020-7923 | MEDIUM | CVSS 6.5 | ≥ 4.4, < 4.4.0-rc7; ≥ 4.2, < 4.2.8; +1 more | 2020-08-21
CWE-755: A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.
Sources: cvelistv5, nvd

CVE-2020-7921 | MEDIUM | CVSS 5.3 | ≥ 4.2, < 4.2.3; ≥ 4.0, < 4.0.15; +2 more | 2020-05-06
CWE-182: Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB
Sources: cvelistv5, nvd

CVE-2019-2390 | HIGH | CVSS 7.8 | ≥ 4.0, < 4.0.11; ≥ 3.6, < 3.6.14; +1 more | 2019-08-30
CWE-94: An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker-defined code as the user running the utility. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14 and MongoDB Server
Sources: cvelistv5, nvd

CVE-2019-2389 | MEDIUM | CVSS 4.2 | ≥ 4.0, < 4.0.11; ≥ 3.6, < 3.6.14; +1 more | 2019-08-30
CWE-732: Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server
Sources: cvelistv5, nvd

CVE-2019-2386 | HIGH | CVSS 7.1 | ≥ 4.0, < 4.0.9; ≥ 3.6, < 3.6.13; +1 more | 2019-08-06
CWE-285: After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9; MongoDB Server v3.6 versions prior to 3.6.13 and MongoDB Serv
Sources: cvelistv5, nvd