
CVE-2018-20805 – Invariant with $elemMatch
https://notcve.org/view.php?id=CVE-2018-20805
23 Nov 2020 — A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which perform an $elemMatch. This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10. • https://jira.mongodb.org/browse/SERVER-38164 • CWE-834: Excessive Iteration •

CVE-2018-20802 – Post-auth queries on compound index may crash mongod
https://notcve.org/view.php?id=CVE-2018-20802
23 Nov 2020 — A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3. • https://jira.mongodb.org/browse/SERVER-36993 • CWE-394: Unexpected Status Code or Return Value •

CVE-2018-20804 – Invariant failure in applyOps
https://notcve.org/view.php?id=CVE-2018-20804
23 Nov 2020 — A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13. • https://jira.mongodb.org/browse/SERVER-35636 • CWE-20: Improper Input Validation •

CVE-2020-7926 – Specific query can cause a DoS against MongoDB Server
https://notcve.org/view.php?id=CVE-2020-7926
23 Nov 2020 — A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions before 4.4 are not affected. • https://jira.mongodb.org/browse/SERVER-50170 • CWE-755: Improper Handling of Exceptional Conditions •

CVE-2020-7925 – Denial of Service when processing malformed Role names
https://notcve.org/view.php?id=CVE-2020-7925
23 Nov 2020 — Incorrect validation of user input in the role name parser may lead to use of uninitialized memory, allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9. • https://jira.mongodb.org/browse/SERVER-49142 • CWE-20: Improper Input Validation CWE-475: Undefined Behavior for Input to API •

CVE-2020-7923 – Specific GeoQuery can cause DoS against MongoDB Server
https://notcve.org/view.php?id=CVE-2020-7923
21 Aug 2020 — A user authorized to perform database queries may cause denial of service by issuing specially crafted queries which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19. • https://jira.mongodb.org/browse/SERVER-47773 • CWE-755: Improper Handling of Exceptional Conditions •

CVE-2019-2388 – Potential exposure of log information in Ops Manager
https://notcve.org/view.php?id=CVE-2019-2388
13 May 2020 — In affected Ops Manager versions there is an exposed HTTP route that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5. • https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-4.0.11 • CWE-425: Direct Request ('Forced Browsing') •

CVE-2020-7921 – Administrative action may disable enforcement of per-user IP whitelisting
https://notcve.org/view.php?id=CVE-2020-7921
06 May 2020 — Improper serialization of internal state in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB Server v4.3 versions prior to 4.3.3 and MongoDB Server v3.6 versions prior to 3.6.18. • https://jira.mongodb.org/browse/SERVER-45472 • CWE-182: Collapse of Data into Unsafe Value CWE-863: Incorrect Authorization •

CVE-2020-12135 – Ubuntu Security Notice USN-4450-1
https://notcve.org/view.php?id=CVE-2020-12135
24 Apr 2020 — bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input. • https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560 • CWE-190: Integer Overflow or Wraparound •

CVE-2020-7922 – Kubernetes Operator generates potentially insecure certificates
https://notcve.org/view.php?id=CVE-2020-7922
09 Apr 2020 — X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates, are unaffected. This issue affects MongoDB Enterprise Kubernetes Operator version 1.0, MongoDB Enterprise Kubernetes Operator version 1.1, MongoDB Enterprise Kubernetes Operator version 1.2 versions prior to 1.2.4, Mo... • https://github.com/mongodb/mongodb-enterprise-kubernetes/releases/tag/1.2.5 • CWE-295: Improper Certificate Validation •