Filtered by vendor Mongodb
Subscribe
Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3104 | 1 Mongodb | 1 Mongodb | 2017-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. | |||||
| CVE-2014-3971 | 1 Mongodb | 1 Mongodb | 2014-12-29 | 5.0 MEDIUM | N/A |
| The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. | |||||
| CVE-2012-6619 | 1 Mongodb | 1 Mongodb | 2014-05-07 | 6.4 MEDIUM | N/A |
| The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read. | |||||
| CVE-2013-3969 | 1 Mongodb | 1 Mongodb | 2013-10-02 | 6.5 MEDIUM | N/A |
| The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object. | |||||
| CVE-2013-4650 | 1 Mongodb | 1 Mongodb | 2013-07-05 | 6.5 MEDIUM | N/A |
| MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database. | |||||