CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32036 – Denial of Service and Data Integrity vulnerability in features command
https://notcve.org/view.php?id=CVE-2021-32036
04 Feb 2022 — An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 ... • https://jira.mongodb.org/browse/SERVER-59294 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32039 – MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text
https://notcve.org/view.php?id=CVE-2021-32039
20 Jan 2022 — Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0 Los usuarios con acceso apropiado a los archivos pueden ser capaces de acceder a las credenciales de usuario sin cifrar guardadas por MongoDB Extension for VS Code en un archivo binario... • https://github.com/mongodb-js/vscode/releases/tag/v0.8.0 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2267
https://notcve.org/view.php?id=CVE-2020-2267
16 Sep 2020 — A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. Una falta de comprobación de permisos en Jenkins MongoDB Plugin versiones 1.3 y anteriores, permite a atacantes con permiso Overall/Read conseguir acceso a algunos metadatos de cualquier archivo arbitrario en el controlador de Jenkins • http://www.openwall.com/lists/oss-security/2020/09/16/3 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2268
https://notcve.org/view.php?id=CVE-2020-2268
16 Sep 2020 — A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins MongoDB Plugin versiones 1.3 y anteriores, permite a atacantes conseguir acceso a algunos metadatos de cualquier archivo arbitrario en el controlador de Jenkins • http://www.openwall.com/lists/oss-security/2020/09/16/3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2019-3800 – CF CLI writes the client id and secret to config file
https://notcve.org/view.php?id=CVE-2019-3800
05 Aug 2019 — CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. La CLI de CF anterior a versión v6.45.0 (versión de lanzamiento bosh 1.16.0), escribe el id y el secreto del cliente hacia su archivo de configuración cuando el usuario se autentica con el flag --... • https://pivotal.io/security/cve-2019-3800 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7882 – Authentication bypass when using LDAP authentication in MongoDB Enterprise Server
https://notcve.org/view.php?id=CVE-2015-7882
19 Jul 2019 — Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. El manejo inapropiado de la autenticación LDAP en MongoDB Server versiones 3.0.0 hasta 3.0.6, permite a un cliente no autenticado conseguir acceso no autorizado. • https://jira.mongodb.org/browse/SERVER-20691 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-14227
https://notcve.org/view.php?id=CVE-2017-14227
09 Sep 2017 — In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. En MongoDB libbson 1.7.0, la función bson_iter_codewscope en bson-iter.c no calcula correctamente un argumento de longitud bson_utf8_validate, lo que permite que atacantes remotos provoquen una denegación de se... • http://www.securityfocus.com/bid/100825 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2016-3104
https://notcve.org/view.php?id=CVE-2016-3104
14 Apr 2017 — mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. Mongod en MongoDB 2.6, cuando se utilizan usuarios de estilo 2.4 y 2.4 permiten a los atacantes remotos provocar una denegación de servicio (consumo de memoria y terminación del proceso) aprovechando la representación de la base de datos en memoria al aut... • http://www.securityfocus.com/bid/94929 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6494
https://notcve.org/view.php?id=CVE-2016-6494
03 Oct 2016 — The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. El cliente en MongoDB utiliza permisos accesibles a todos en archivos históricos .dbshell, lo que podría permitir a usuarios locales obtener información sensible leyendo estos archivos. • http://www.openwall.com/lists/oss-security/2016/07/29/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 0CVE-2015-1609 – Gentoo Linux Security Advisory 201611-13
https://notcve.org/view.php?id=CVE-2015-1609
30 Mar 2015 — MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. MongoDB anterior a 2.4.13 y 2.6.x anterior a 2.6.8 permite a atacantes remotos causar una denegación de servicio a través de una cadena UTF-8 manipulada en una solicitud BSON. A vulnerability in MongoDB can lead to a Denial of Service condition. Versions less than 2.4.13 are affected. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152493.html • CWE-20: Improper Input Validation •