Search CVE reports



1 – 10 of 53 results


CVE-2024-8654

Medium priority
Needs evaluation

MongoDB Server may access a non-initialized region of memory, leading to unexpected behaviour, when zero arguments are called in an internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.

1 affected package

mongodb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-8207

Medium priority
Needs evaluation

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux operating systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to...

1 affected package

mongodb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-7553

Medium priority
Needs evaluation

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined...

3 affected packages

mongo-c-driver, mongodb, php-mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mongo-c-driver Needs evaluation Needs evaluation Needs evaluation
mongodb Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
php-mongodb Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-6375

Medium priority
Needs evaluation

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through...

1 affected package

mongodb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-3374

Medium priority
Needs evaluation

An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server...

1 affected package

mongodb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-3372

Medium priority
Needs evaluation

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus...

1 affected package

mongodb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-1351

Medium priority
Needs evaluation

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation, which may allow untrusted connections to succeed. This may effectively reduce the security guarantees provided by...

1 affected package

mongodb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-0437

Medium priority
Needs evaluation

When calling bson_utf8_validate on some inputs, a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C Driver versions prior to version 1.25.0.

1 affected package

mongodb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2021-32050

Medium priority
Needs evaluation

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific...

3 affected packages

mongo-c-driver, node-mongodb, php-mongodb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| mongo-c-driver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| node-mongodb | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| php-mongodb | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-1409

Medium priority
Needs evaluation

If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely on other platforms (e.g. Linux), it is possible that...

1 affected package

mongodb

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| mongodb | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |