CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32036 – Denial of Service and Data Integrity vulnerability in features command
https://notcve.org/view.php?id=CVE-2021-32036
04 Feb 2022 — An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 ... • https://jira.mongodb.org/browse/SERVER-59294 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2019-3800 – CF CLI writes the client id and secret to config file
https://notcve.org/view.php?id=CVE-2019-3800
05 Aug 2019 — CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. La CLI de CF anterior a versión v6.45.0 (versión de lanzamiento bosh 1.16.0), escribe el id y el secreto del cliente hacia su archivo de configuración cuando el usuario se autentica con el flag --... • https://pivotal.io/security/cve-2019-3800 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6494
https://notcve.org/view.php?id=CVE-2016-6494
03 Oct 2016 — The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. El cliente en MongoDB utiliza permisos accesibles a todos en archivos históricos .dbshell, lo que podría permitir a usuarios locales obtener información sensible leyendo estos archivos. • http://www.openwall.com/lists/oss-security/2016/07/29/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2015-1609 – Gentoo Linux Security Advisory 201611-13
https://notcve.org/view.php?id=CVE-2015-1609
30 Mar 2015 — MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. MongoDB anterior a 2.4.13 y 2.6.x anterior a 2.6.8 permite a atacantes remotos causar una denegación de servicio a través de una cadena UTF-8 manipulada en una solicitud BSON. A vulnerability in MongoDB can lead to a Denial of Service condition. Versions less than 2.4.13 are affected. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152493.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 2%CPEs: 23EXPL: 2CVE-2012-6619 – mongodb: memory over-read via incorrect BSON object length
https://notcve.org/view.php?id=CVE-2012-6619
04 Mar 2014 — The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read. La configuración por defecto para MongoDB anterior a 2.3.2 no valida objetos, lo que permite a usuarios remotos autenticados causar una denegación de servicio (caída) o leer la memoria del sistema a través de un objeto BSON manipulad... • http://blog.ptsecurity.com/2012/11/attacking-mongodb.html • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 2%CPEs: 18EXPL: 1CVE-2013-2132 – pymongo: null pointer when decoding invalid DBRef
https://notcve.org/view.php?id=CVE-2013-2132
11 Jun 2013 — bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef." bson/_cbsonmodule.c en el mongo-python-driver (también conocido como pymongo) anterior a v2.5.2, como es usado en MongoDB, permite a atacantes dependientes del contexto causar una denegación de servicio (referencia NULL y caída de la aplicación) a través de ve... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 58%CPEs: 18EXPL: 6CVE-2013-1892 – MongoDB nativeHelper.apply Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-1892
02 Apr 2013 — MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument. MongoDB anterior a v2.0.9 y v2.2.x anterior a v.2.4 no valida correctamente las peticiones de la función nativeHelper en SpiderMonkey, lo que permite a usuarios autenticados remotamente provocar una... • https://packetstorm.news/files/id/121045 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •