Show filters

Showing topic results for "":

(1-10 of 181247)

Sort by:
Attacker Value
Unknown

CVE-2019-20924

Disclosure Date: December 01, 2020 (last updated November 23, 2020)
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2.
0
Attacker Value
Unknown

CVE-2019-2393

Disclosure Date: November 30, 2020 (last updated November 23, 2020)
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15.
0
Attacker Value
Unknown

CVE-2020-7927

Disclosure Date: November 30, 2020 (last updated November 23, 2020)
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions 4.2.0-4.2.17, v4.3 versions 4.3.0-4.3.9 and v4.4 versions 4.4.0-4.4.2.
0
Attacker Value
Unknown

CVE-2018-20802

Disclosure Date: November 30, 2020 (last updated November 23, 2020)
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3.
0
Attacker Value
Unknown

CVE-2018-20804

Disclosure Date: November 30, 2020 (last updated November 23, 2020)
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.
0
Attacker Value
Unknown

CVE-2020-7926

Disclosure Date: November 30, 2020 (last updated November 23, 2020)
A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects: MongoDB Server version 4.4 prior to 4.4.1. Versions before 4.4 are not affected.
0
Attacker Value
Unknown

CVE-2018-20805

Disclosure Date: November 30, 2020 (last updated November 23, 2020)
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. This issue affects: MongoDB Inc. MongoDB Server 3.6 versions prior to 3.6.10; 4.0 versions prior to 4.0.5.
0
Attacker Value
Unknown

CVE-2020-7925

Disclosure Date: November 30, 2020 (last updated November 23, 2020)
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2 versions prior to 4.2.9.
0
Attacker Value
Unknown

CVE-2019-20923

Disclosure Date: November 30, 2020 (last updated November 23, 2020)
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.
0
Attacker Value
Unknown

CVE-2019-2392

Disclosure Date: November 30, 2020 (last updated November 23, 2020)
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.
0