Security Vulnerabilities - CVEs Published In November 2020
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-11-23
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-11-23
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch. This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-11-23
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
CVSS Score: 4.9 | EPSS Score: 0.001 | Published: 2020-11-23
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2020-11-23
Integer overflow in DxeImageVerificationHandler() in EDK II may allow an authenticated user to potentially enable denial of service via local access.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2020-11-23
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled JavaScript exceptions containing types intended to be scoped to the JavaScript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-11-23
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server v4.2 versions prior to 4.2.2.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-11-23
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-11-23
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.
CVSS Score: 7.5 | EPSS Score: 0.012 | Published: 2020-11-23

