Mongodb

Mongodb

91 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2017-14227

  • EPSS 1.38%
  • Veröffentlicht 09.09.2017 08:29:00
  • Zuletzt bearbeitet 03.11.2025 20:15:41

In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function ...

5.5

CVE-2014-8180

  • EPSS 0.05%
  • Veröffentlicht 06.06.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.

7.5

CVE-2016-3104

  • EPSS 1.29%
  • Veröffentlicht 14.04.2017 18:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent dat...

5.5

CVE-2016-6494

  • EPSS 0.08%
  • Veröffentlicht 03.10.2016 18:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

5

CVE-2015-1609

  • EPSS 1.69%
  • Veröffentlicht 30.03.2015 14:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.

5

CVE-2014-3971

  • EPSS 1.1%
  • Veröffentlicht 25.12.2014 11:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 ...

6.4

CVE-2012-6619

Exploit
  • EPSS 1.27%
  • Veröffentlicht 06.03.2014 15:55:28
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which ...

6.5

CVE-2013-3969

  • EPSS 8.24%
  • Veröffentlicht 01.10.2013 20:55:33
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB obj...

6

CVE-2013-1892

Exploit
  • EPSS 53.53%
  • Veröffentlicht 01.10.2013 20:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arb...

4.3

CVE-2013-2132

Exploit
  • EPSS 2.22%
  • Veröffentlicht 15.08.2013 17:55:24
  • Zuletzt bearbeitet 11.04.2025 00:51:21

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef....