CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20326 – Specially crafted query may result in a denial of service of mongod
https://notcve.org/view.php?id=CVE-2021-20326
30 Apr 2021 — A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4. Un usuario autorizado para llevar a cabo un tipo específico de consulta de búsqueda puede desencadenar una denegación de servicio. Este problema afecta a: MongoDB Inc. MongoDB Server versiones v4.4 anteriores a la 4.4.4. • https://jira.mongodb.org/browse/SERVER-53929 • CWE-20: Improper Input Validation CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-25004 – Invariant failure when explaining a find with a UUID
https://notcve.org/view.php?id=CVE-2018-25004
01 Mar 2021 — A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11. Un usuario autorizado para llevar a cabo un tipo específico de consulta puede desencadenar una denegación de servicio al emitir un comando de explicación genérico en una consulta de búsqueda. Este problema afecta a: MongoDB Inc. MongoDB Server version... • https://jira.mongodb.org/browse/SERVER-38275 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7929 – Specially crafted regex query can cause DoS
https://notcve.org/view.php?id=CVE-2020-7929
01 Mar 2021 — A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20. Un usuario autorizado para llevar a cabo consultas a la base de datos puede desencadenar una denegación de servicio cuando se emite una consulta especialmente diseñada que contenga un tipo de expresión regular. Este problema afecta a: MongoDB Inc. MongoDB S... • https://jira.mongodb.org/browse/SERVER-51083 • CWE-185: Incorrect Regular Expression •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-20925 – Denial of service via malformed network packet
https://notcve.org/view.php?id=CVE-2019-20925
24 Nov 2020 — An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24. Un cliente no autenticado puede desencadenar una denegación de servicio al emitir mensajes de protocolo de cable especialmente di... • https://jira.mongodb.org/browse/SERVER-43751 • CWE-697: Incorrect Comparison CWE-839: Numeric Range Comparison Without Minimum Check •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-20803 – Infinite loop in aggregation expression
https://notcve.org/view.php?id=CVE-2018-20803
23 Nov 2020 — A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects MongoDB Server v4.0 versions prior to 4.0.5; MongoDB Server v3.6 versions prior to 3.6.10 and MongoDB Server v3.4 versions prior to 3.4.19. Un usuario autorizado para realizar consultas en la base de datos puede desencadenar una denegación de servicio al emitir consultas especialmente diseñadas, que se re... • https://jira.mongodb.org/browse/SERVER-38070 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-7928 – Improper neutralization of null byte leads to read overrun
https://notcve.org/view.php?id=CVE-2020-7928
23 Nov 2020 — A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions prior to 4.0.20 and MongoDB Server v3.6 versions prior to 3.6.20. Un usuario autorizado para realizar consultas de la base de datos puede desencadenar un desbordamiento de lectura y acceder a la memoria arbitraria mediante la emisión d... • https://jira.mongodb.org/browse/SERVER-49404 • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2393 – Crash while joining collections with $lookup
https://notcve.org/view.php?id=CVE-2019-2393
23 Nov 2020 — A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13 and MongoDB Server v3.6 versions prior to 3.6.15. Un usuario autorizado que lleva a cabo consultas en la base de datos puede desencadenar una denegación de servicio al emitir consultas especialmente diseñadas, que usan $lookup y colaciones. Este prob... • https://jira.mongodb.org/browse/SERVER-43350 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20923 – Crash while handling internal Javascript exception types
https://notcve.org/view.php?id=CVE-2019-20923
23 Nov 2020 — A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7. Un usuario autorizado que lleva a cabo consultas en la base de datos puede desencadenar una denegación de servicio al emitir consultas especialmente diseñadas, que arrojan excepciones de Javascript no controladas ... • https://jira.mongodb.org/browse/SERVER-39481 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20924 – Invariant in IndexBoundsBuilder
https://notcve.org/view.php?id=CVE-2019-20924
23 Nov 2020 — A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2. Un usuario autorizado que lleva a cabo consultas en la base de datos puede desencadenar una denegación de servicio al emitir consultas especialmente diseñadas que desencadenan una invariante en la función IndexBoundsBuilder. Este problema afecta a: MongoDB Server de MongoDB I... • https://jira.mongodb.org/browse/SERVER-44377 • CWE-394: Unexpected Status Code or Return Value CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-2392 – $mod can result in undefined behavior
https://notcve.org/view.php?id=CVE-2019-2392
23 Nov 2020 — A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20. Un usuario autorizado que lleva a cabo consultas en la base de datos puede desencadenar una denegación de servicio al emitir consultas especialmente diseñadas, que usan el... • https://jira.mongodb.org/browse/SERVER-43699 • CWE-190: Integer Overflow or Wraparound •