Mongodb

Mongodb

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7

CVE-2017-2665

  • EPSS 0.04%
  • Veröffentlicht 06.07.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:56

The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyri...

9.1

CVE-2017-15535

  • EPSS 0.48%
  • Veröffentlicht 01.11.2017 01:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker...

7.5

CVE-2017-14227

  • EPSS 1.49%
  • Veröffentlicht 09.09.2017 08:29:00
  • Zuletzt bearbeitet 03.11.2025 20:15:41

In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function ...

5.5

CVE-2014-8180

  • EPSS 0.05%
  • Veröffentlicht 06.06.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.

7.5

CVE-2016-3104

  • EPSS 1.29%
  • Veröffentlicht 14.04.2017 18:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent dat...

5.5

CVE-2016-6494

  • EPSS 0.06%
  • Veröffentlicht 03.10.2016 18:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

5

CVE-2015-1609

  • EPSS 1.7%
  • Veröffentlicht 30.03.2015 14:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.

5

CVE-2014-3971

  • EPSS 1.98%
  • Veröffentlicht 25.12.2014 11:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 ...

6.4

CVE-2012-6619

Exploit
  • EPSS 2.22%
  • Veröffentlicht 06.03.2014 15:55:28
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which ...

6.5

CVE-2013-3969

  • EPSS 8.24%
  • Veröffentlicht 01.10.2013 20:55:33
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB obj...