CVE-2024-6375
- EPSS 0.38%
- Veröffentlicht 01.07.2024 15:15:17
- Zuletzt bearbeitet 21.11.2024 09:49:31
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels....
CVE-2024-3372
- EPSS 0.55%
- Veröffentlicht 14.05.2024 16:17:31
- Zuletzt bearbeitet 22.09.2025 13:36:41
Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This iss...
CVE-2024-3374
- EPSS 0.46%
- Veröffentlicht 14.05.2024 16:17:31
- Zuletzt bearbeitet 29.09.2025 18:05:41
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and incl...
CVE-2024-1351
- EPSS 0.5%
- Veröffentlicht 07.03.2024 17:15:12
- Zuletzt bearbeitet 11.03.2025 16:56:35
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connect...
CVE-2023-1409
- EPSS 0.37%
- Veröffentlicht 23.08.2023 16:15:08
- Zuletzt bearbeitet 13.02.2025 17:15:58
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not...
CVE-2022-24272
- EPSS 0.89%
- Veröffentlicht 21.04.2022 11:15:08
- Zuletzt bearbeitet 21.11.2024 06:50:04
An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 ...
CVE-2021-32040
- EPSS 1.97%
- Veröffentlicht 12.04.2022 15:15:07
- Zuletzt bearbeitet 21.11.2024 06:06:45
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur...
CVE-2021-32036
- EPSS 1.03%
- Veröffentlicht 04.02.2022 23:15:11
- Zuletzt bearbeitet 21.11.2024 06:06:45
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare c...
CVE-2021-32039
- EPSS 0.28%
- Veröffentlicht 20.01.2022 15:15:07
- Zuletzt bearbeitet 21.11.2024 06:06:45
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability af...
CVE-2021-20330
- EPSS 1.04%
- Veröffentlicht 15.12.2021 13:15:07
- Zuletzt bearbeitet 21.11.2024 05:46:23
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior t...