CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3374 – MongoDB Server (mongod) may crash when generating ftdc
https://notcve.org/view.php?id=CVE-2024-3374
14 May 2024 — An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5. Un usuario no autenticado puede desencadenar una afirmación fatal en el servidor mientras genera métricas de diagnóstico ftdc debido a que intenta crear un objeto BSON que excede ciertos... • https://jira.mongodb.org/browse/SERVER-75601 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3372 – MongoDB Server may have unexpected application behaviour due to invalid BSON
https://notcve.org/view.php?id=CVE-2024-3372
14 May 2024 — Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25. Una validación inadecuada de cierta entrada de metadatos puede provocar que el servidor no serialice correctam... • https://jira.mongodb.org/browse/SERVER-85263 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-1351 – MongoDB Server may allow successful untrusted connection
https://notcve.org/view.php?id=CVE-2024-1351
07 Mar 2024 — Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including... • https://jira.mongodb.org/browse/SERVER-72839 • CWE-295: Improper Certificate Validation •