Known Vulnerabilities for products from Mongodb

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mongodb".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-32039 | Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code ... | Not Provided | 2022-01-20 | 2022-01-20 |
| CVE-2021-32037 | An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation re... | 6.5 - MEDIUM | 2021-11-24 | 2021-11-29 |
| CVE-2021-20335 | For MongoDB Ops Manager <= 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, ... | 4.6 - MEDIUM | 2021-02-11 | 2021-06-09 |
| CVE-2021-20334 | A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary softw... | 7.8 - HIGH | 2021-04-06 | 2021-04-14 |
| CVE-2021-20333 | Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entrie... | 5.3 - MEDIUM | 2021-07-23 | 2021-08-03 |
| CVE-2021-20332 | Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the ... | 4.4 - MEDIUM | 2021-08-02 | 2021-08-10 |
| CVE-2021-20331 | Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command... | 4.9 - MEDIUM | 2021-05-13 | 2021-06-03 |
| CVE-2021-20330 | An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplo... | 6.5 - MEDIUM | 2021-12-15 | 2021-12-20 |
| CVE-2021-20329 | Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malic... | 6.5 - MEDIUM | 2021-06-10 | 2021-06-23 |
| CVE-2021-20328 | Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host nam... | 6.8 - MEDIUM | 2021-02-25 | 2021-06-11 |
| CVE-2021-20327 | A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s ... | 6.8 - MEDIUM | 2021-02-25 | 2021-03-04 |
| CVE-2021-20326 | A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects: MongoDB In... | 6.5 - MEDIUM | 2021-04-30 | 2021-05-03 |
| CVE-2020-12135 | bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the... | 5.5 - MEDIUM | 2020-04-24 | 2020-08-12 |
| CVE-2020-7929 | A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type... | 6.5 - MEDIUM | 2021-03-01 | 2021-03-08 |
| CVE-2020-7928 | A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially cra... | 6.5 - MEDIUM | 2020-11-23 | 2020-12-02 |
| CVE-2020-7927 | Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with ... | 6.5 - MEDIUM | 2020-11-23 | 2020-12-03 |
| CVE-2020-7926 | A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates... | 6.5 - MEDIUM | 2020-11-23 | 2020-11-29 |
| CVE-2020-7925 | Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticate... | 7.5 - HIGH | 2020-11-23 | 2021-10-19 |
| CVE-2020-7924 | Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may res... | 6.5 - MEDIUM | 2021-04-12 | 2021-04-21 |
| CVE-2020-7923 | A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate... | 6.5 - MEDIUM | 2020-08-21 | 2020-12-01 |

Known software with vulnerabilities from Mongodb

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mongodb | Bson | 1.0.0 |
| Application | Mongodb | Js-bson | 0.0.5 |
| Application | Mongodb | Kubernetes Operator | 0.2 |
| Application | Mongodb | Libbson | 0.2.0 |
| Application | Mongodb | Libmongocrypt | 0.3.0 |
| Application | Mongodb | Mongodb | - |
| Application | Mongodb | Mongodb Enterprise Kubernetes Operator | 0.2 |
| Application | Mongodb | Ops Manager | 1.6.0 |

MongoDB Cross-platform document-oriented database

MongoDB is a source-available cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional schemas. MongoDB is developed by MongoDB Inc. and licensed under the Server Side Public License.

© CVE.report 2022

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.