CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-6384 – Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server
https://notcve.org/view.php?id=CVE-2024-6384
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3 • https://jira.mongodb.org/browse/SERVER-93516 • CWE-285: Improper Authorization •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-7553 – Accessing Untrusted Directory May Allow Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-7553
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue • https://jira.mongodb.org/browse/CDRIVER-5650 https://jira.mongodb.org/browse/PHPC-2369 https://jira.mongodb.org/browse/SERVER-93211 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6383 – MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow
https://notcve.org/view.php?id=CVE-2024-6383
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1 • https://jira.mongodb.org/browse/CDRIVER-5628 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6382 – Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
https://notcve.org/view.php?id=CVE-2024-6382
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2 El manejo incorrecto de ciertas entradas de cadenas puede provocar que el controlador MongoDB Rust cree comandos de servidor no deseados. Esto puede provocar un comportamiento inesperado de la aplicación, incluida la modificación de datos. Este problema afecta a las versiones MongoDB Rust Driver 2.0 anteriores a la 2.8.2 • https://jira.mongodb.org/browse/RUST-1881 • CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6381 – MongoDB C Driver bson_strfreev may be susceptible to integer overflow
https://notcve.org/view.php?id=CVE-2024-6381
The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2 La función bson_strfreev en la librería del controlador MongoDB C puede ser susceptible a un desbordamiento de enteros donde la función intentará liberar memoria con un desplazamiento negativo. Esto puede provocar daños en la memoria. Este problema afectó a las versiones de Libbson anteriores a la 1.26.2. • https://jira.mongodb.org/browse/CDRIVER-5622 • CWE-680: Integer Overflow to Buffer Overflow •