CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32036 – Denial of Service and Data Integrity vulnerability in features command
https://notcve.org/view.php?id=CVE-2021-32036
04 Feb 2022 — An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 ... • https://jira.mongodb.org/browse/SERVER-59294 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6494
https://notcve.org/view.php?id=CVE-2016-6494
03 Oct 2016 — The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. El cliente en MongoDB utiliza permisos accesibles a todos en archivos históricos .dbshell, lo que podría permitir a usuarios locales obtener información sensible leyendo estos archivos. • http://www.openwall.com/lists/oss-security/2016/07/29/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •