
CVE-2016-10572
https://notcve.org/view.php?id=CVE-2016-10572
31 May 2018 — mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or positioned between the user and the remote server.
Reference: https://nodesecurity.io/advisories/235
CWE-310: Cryptographic Issues; CWE-311: Missing Encryption of Sensitive Data

CVE-2017-15535
https://notcve.org/view.php?id=CVE-2017-15535
01 Nov 2017 — MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.
Reference: http://www.securityfocus.com/bid/101689

CVE-2017-14227
https://notcve.org/view.php?id=CVE-2017-14227
09 Sep 2017 — In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.
Reference: http://www.securityfocus.com/bid/100825
CWE-125: Out-of-bounds Read

CVE-2014-8180
https://notcve.org/view.php?id=CVE-2014-8180
06 Jun 2017 — MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information, which can cause a denial of service.
Reference: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html/installation_guide/preparing_your_environment_for_installation#restricting_access_to_mongod
CWE-287: Improper Authentication

CVE-2016-3104
https://notcve.org/view.php?id=CVE-2016-3104
14 Apr 2017 — mongod in MongoDB 2.6 (when using 2.4-style users) and in MongoDB 2.4 allows remote attackers to cause a denial of service (memory consumption and process termination) by leveraging the in-memory database representation when authenticating against a non-existent database.
Reference: http://www.securityfocus.com/bid/94929
CWE-400: Uncontrolled Resource Consumption

CVE-2016-6494
https://notcve.org/view.php?id=CVE-2016-6494
03 Oct 2016 — The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
Reference: http://www.openwall.com/lists/oss-security/2016/07/29/4
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-1609 – Gentoo Linux Security Advisory 201611-13
https://notcve.org/view.php?id=CVE-2015-1609
30 Mar 2015 — MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. Gentoo advisory summary: A vulnerability in MongoDB can lead to a Denial of Service condition. Versions less than 2.4.13 are affected.
Reference: http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152493.html
CWE-20: Improper Input Validation

CVE-2014-3971
https://notcve.org/view.php?id=CVE-2014-3971
25 Dec 2014 — The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.
Reference: https://github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251b
CWE-20: Improper Input Validation

CVE-2012-6619 – mongodb: memory over-read via incorrect BSON object length
https://notcve.org/view.php?id=CVE-2012-6619
04 Mar 2014 — The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
Reference: http://blog.ptsecurity.com/2012/11/attacking-mongodb.html
CWE-20: Improper Input Validation; CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2013-3969 – MongoDB - 'conn' Mongo Object Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-3969
01 Oct 2013 — The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
Reference: https://www.exploit-db.com/exploits/38669
CWE-399: Resource Management Errors