Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:mongodb:mongodb:-:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-2665 |
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text. Published: July 06, 2018; 9:29:00 AM -0400 |
V3.0: 7.0 HIGH V2.0: 1.9 LOW |
CVE-2014-8180 |
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. Published: June 06, 2017; 2:29:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2016-6494 |
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. Published: October 03, 2016; 2:59:10 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2015-1609 |
MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. Published: March 30, 2015; 10:59:02 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-6619 |
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read. Published: March 06, 2014; 10:55:28 AM -0500 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2013-1892 |
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument. Published: October 01, 2013; 4:55:03 PM -0400 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2013-2132 |
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef." Published: August 15, 2013; 1:55:24 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |