Search CVE reports
1 – 10 of 53 results
CVE-2024-8654
Medium priorityMongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.
1 affected packages
mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-8207
Medium priorityIn certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to...
1 affected packages
mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-7553
Medium priorityIncorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined...
3 affected packages
mongo-c-driver, mongodb, php-mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mongo-c-driver | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
php-mongodb | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-6375
Medium priorityA command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through...
1 affected packages
mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-3374
Medium priorityAn unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server...
1 affected packages
mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-3372
Medium priorityImproper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus...
1 affected packages
mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-1351
Medium priorityUnder certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by...
1 affected packages
mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-0437
Medium priorityWhen calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.
1 affected packages
mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-32050
Medium prioritySome MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific...
3 affected packages
mongo-c-driver, node-mongodb, php-mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mongo-c-driver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
node-mongodb | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
php-mongodb | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-1409
Medium priorityIf the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that...
1 affected packages
mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |