CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-10921 – Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server
https://notcve.org/view.php?id=CVE-2024-10921
An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30 , MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2. • https://jira.mongodb.org/browse/SERVER-96419 • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8305 – MongoDB Server secondaries may crash due to forced index constraints
https://notcve.org/view.php?id=CVE-2024-8305
prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4 • https://jira.mongodb.org/browse/SERVER-92382 • CWE-1288: Improper Validation of Consistency within Input •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8654 – MongoDB Server may access non-initialized region of memory leading to unexpected behaviour
https://notcve.org/view.php?id=CVE-2024-8654
MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3. MongoDB Server puede acceder a una región de memoria no inicializada, lo que genera un comportamiento inesperado cuando se invocan argumentos cero en la etapa de agregación interna. Este problema afecta a MongoDB Server v6.0 versión 6.0.3. • https://jira.mongodb.org/browse/SERVER-71477 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-6384 – Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server
https://notcve.org/view.php?id=CVE-2024-6384
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3 • https://jira.mongodb.org/browse/SERVER-93516 • CWE-285: Improper Authorization •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-7553 – Accessing Untrusted Directory May Allow Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-7553
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue • https://jira.mongodb.org/browse/CDRIVER-5650 https://jira.mongodb.org/browse/PHPC-2369 https://jira.mongodb.org/browse/SERVER-93211 • CWE-284: Improper Access Control •