CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-7553 – Accessing Untrusted Directory May Allow Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-7553
07 Aug 2024 — Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and ... • https://jira.mongodb.org/browse/CDRIVER-5650 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6383 – MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow
https://notcve.org/view.php?id=CVE-2024-6383
03 Jul 2024 — The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1 • https://jira.mongodb.org/browse/CDRIVER-5628 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6382 – Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
https://notcve.org/view.php?id=CVE-2024-6382
02 Jul 2024 — Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2 El manejo incorrecto de ciertas entradas de cadenas puede provocar que el controlador MongoDB Rust cree comandos de servidor no deseados. Esto puede provocar un comportamiento inesperado de la aplicación, incluida la modificación de datos. Este probl... • https://jira.mongodb.org/browse/RUST-1881 • CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6381 – MongoDB C Driver bson_strfreev may be susceptible to integer overflow
https://notcve.org/view.php?id=CVE-2024-6381
02 Jul 2024 — The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2 La función bson_strfreev en la librería del controlador MongoDB C puede ser susceptible a un desbordamiento de enteros donde la función intentará liberar memoria con un desplazamiento negativo. Esto puede provocar daños en la memoria. Este problema afectó... • https://jira.mongodb.org/browse/CDRIVER-5622 • CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3374 – MongoDB Server (mongod) may crash when generating ftdc
https://notcve.org/view.php?id=CVE-2024-3374
14 May 2024 — An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5. Un usuario no autenticado puede desencadenar una afirmación fatal en el servidor mientras genera métricas de diagnóstico ftdc debido a que intenta crear un objeto BSON que excede ciertos... • https://jira.mongodb.org/browse/SERVER-75601 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3372 – MongoDB Server may have unexpected application behaviour due to invalid BSON
https://notcve.org/view.php?id=CVE-2024-3372
14 May 2024 — Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25. Una validación inadecuada de cierta entrada de metadatos puede provocar que el servidor no serialice correctam... • https://jira.mongodb.org/browse/SERVER-85263 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3371 – Insufficient validation of external input in Compass may enable MITM attacks
https://notcve.org/view.php?id=CVE-2024-3371
24 Apr 2024 — MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0. MongoDB Compass puede aceptar y utilizar entradas no suficientemente validadas de una fuente externa que no sea de confianza. Esto puede provocar un comportamiento no deseado de la aplicación, incluida la divulgación de datos y pe... • https://jira.mongodb.org/browse/COMPASS-7260 • CWE-360: Trust of System Event Data •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-1351 – MongoDB Server may allow successful untrusted connection
https://notcve.org/view.php?id=CVE-2024-1351
07 Mar 2024 — Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including... • https://jira.mongodb.org/browse/SERVER-72839 • CWE-295: Improper Certificate Validation •