Filtered by vendor Mongodb
Subscriptions
Total
66 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-15535 | 1 Mongodb | 1 Mongodb | 2017-11-22 | N/A |
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. | ||||
CVE-2015-1609 | 2 Fedoraproject, Mongodb | 2 Fedora, Mongodb | 2017-07-01 | N/A |
MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | ||||
CVE-2014-8180 | 2 Mongodb, Redhat | 2 Mongodb, Satellite | 2017-06-14 | N/A |
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | ||||
CVE-2016-3104 | 1 Mongodb | 1 Mongodb | 2017-04-22 | N/A |
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. | ||||
CVE-2014-3971 | 1 Mongodb | 1 Mongodb | 2014-12-29 | N/A |
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. | ||||
CVE-2012-6619 | 1 Mongodb | 1 Mongodb | 2014-05-07 | N/A |
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read. |