CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-10921 – Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server
https://notcve.org/view.php?id=CVE-2024-10921
14 Nov 2024 — An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30 , MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2. • https://jira.mongodb.org/browse/SERVER-96419 • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8305 – MongoDB Server secondaries may crash due to forced index constraints
https://notcve.org/view.php?id=CVE-2024-8305
21 Oct 2024 — prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4 • https://jira.mongodb.org/browse/SERVER-92382 • CWE-1288: Improper Validation of Consistency within Input •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-6384 – Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server
https://notcve.org/view.php?id=CVE-2024-6384
13 Aug 2024 — "Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3 • https://jira.mongodb.org/browse/SERVER-93516 • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-7553 – Accessing Untrusted Directory May Allow Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-7553
07 Aug 2024 — Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and ... • https://jira.mongodb.org/browse/CDRIVER-5650 • CWE-284: Improper Access Control •