Bug | jessie | stretch | Description |
---|---|---|---|
CVE-2024-10921 | vulnerable | vulnerable | An authorized user may trigger crashes or receive the contents of buff ... |
CVE-2024-8654 | vulnerable | vulnerable | MongoDB Server may access non-initialized region of memory leading to ... |
CVE-2024-8305 | vulnerable | vulnerable | prepareUnique index may cause secondaries to crash due to incorrect en ... |
CVE-2024-8207 | vulnerable | vulnerable | In certain highly specific configurations of the host system and Mongo ... |
CVE-2024-8013 | vulnerable | vulnerable | A bug in query analysis of certain complex self-referential $lookup su ... |
CVE-2024-6384 | vulnerable | vulnerable | "Hot" backup files may be downloaded by underprivileged users, if they ... |
CVE-2024-6375 | vulnerable | vulnerable | A command for refining a collection shard key is missing an authorizat ... |
CVE-2024-3374 | vulnerable | vulnerable | An unauthenticated user can trigger a fatal assertion in the server wh ... |
CVE-2024-3372 | vulnerable | vulnerable | Improper validation of certain metadata input may result in the server ... |
CVE-2024-1351 | vulnerable | vulnerable | Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Se ... |
CVE-2022-24272 | vulnerable | vulnerable | An authenticated user may trigger an invariant assertion during comman ... |
CVE-2021-32040 | vulnerable | vulnerable | It may be possible to have an extremely long aggregation pipeline in c ... |
CVE-2021-32037 | vulnerable | vulnerable | An authorized user may trigger an invariant which may result in denial ... |
CVE-2021-32036 | vulnerable | vulnerable | An authenticated user without any specific authorizations may be able ... |
CVE-2021-20333 | vulnerable | vulnerable | Sending specially crafted commands to a MongoDB Server may result in a ... |
CVE-2021-20330 | vulnerable | vulnerable | An attacker with basic CRUD permissions on a replicated collection can ... |
CVE-2021-20326 | vulnerable | vulnerable | A user authorized to perform a specific type of find query may trig ... |
CVE-2020-7929 | vulnerable | vulnerable | A user authorized to perform database queries may trigger denial of se ... |
CVE-2020-7926 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | A user authorized to perform database queries may cause denial of serv ... |
CVE-2020-7921 | vulnerable (no DSA) | vulnerable (no DSA) | Improper serialization of internal state in the authorization subsyste ... |
CVE-2019-2393 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | A user authorized to perform database queries may trigger denial of se ... |
CVE-2019-2392 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | A user authorized to perform database queries may trigger denial of se ... |
CVE-2019-2389 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | Incorrect scoping of kill operations in MongoDB Server's packaged SysV ... |
CVE-2019-2386 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | After user deletion in MongoDB Server the improper invalidation of aut ... |
CVE-2018-25004 | vulnerable | vulnerable | A user authorized to perform a specific type of query may trigger a ... |
CVE-2018-20803 | fixed | vulnerable (no DSA, postponed) | A user authorized to perform database queries may trigger denial of se ... |
CVE-2016-3104 | vulnerable (no DSA) | fixed | mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remot ... |

Bug | Description |
---|---|
TEMP-0833087-C5410D | brute-forceable challenge responses in unprotected logfile |
CVE-2024-7553 | Incorrect validation of files loaded from a local untrusted directory ... |
CVE-2023-1409 | If the MongoDB Server running on Windows or macOS is configured to use ... |
CVE-2020-7928 | A user authorized to perform database queries may trigger a read overr ... |
CVE-2020-7925 | Incorrect validation of user input in the role name parser may lead to ... |
CVE-2020-7923 | A user authorized to perform database queries may cause denial of serv ... |
CVE-2019-20925 | An unauthenticated client can trigger denial of service by issuing spe ... |
CVE-2019-20924 | A user authorized to perform database queries may trigger denial of se ... |
CVE-2019-20923 | A user authorized to perform database queries may trigger denial of se ... |
CVE-2018-20805 | A user authorized to perform database queries may trigger denial of se ... |
CVE-2018-20804 | A user authorized to perform database queries may trigger denial of se ... |
CVE-2018-20802 | A user authorized to perform database queries may trigger denial of se ... |
CVE-2017-15535 | MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by- ... |
CVE-2016-6494 | The client in MongoDB uses world-readable permissions on .dbshell hist ... |
CVE-2015-7882 | Improper handling of LDAP authentication in MongoDB Server versions 3. ... |
CVE-2015-1609 | MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers t ... |
CVE-2014-3971 | The CmdAuthenticate::_authenticateX509 function in db/commands/authent ... |
CVE-2013-4650 | MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authen ... |
CVE-2013-3969 | The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2 ... |
CVE-2013-1892 | MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate ... |
CVE-2012-6619 | The default configuration for MongoDB before 2.3.2 does not validate o ... |