Shodan
Vulnerabilities
Vulnerable Software
Mongodb:  >> Mongodb  Security Vulnerabilities
CVE-2016-6494
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
CVSS Score
5.5
EPSS Score
0.001
Published
2016-10-03
CVE-2015-1609
MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.
CVSS Score
5.0
EPSS Score
0.017
Published
2015-03-30
CVE-2014-3971
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.
CVSS Score
5.0
EPSS Score
0.01
Published
2014-12-25
CVE-2012-6619
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
CVSS Score
6.4
EPSS Score
0.022
Published
2014-03-06
CVE-2013-3969
The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
CVSS Score
6.5
EPSS Score
0.082
Published
2013-10-01
CVE-2013-1892
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
CVSS Score
6.0
EPSS Score
0.585
Published
2013-10-01
CVE-2013-2132
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
CVSS Score
4.3
EPSS Score
0.022
Published
2013-08-15
CVE-2013-4650
MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.
CVSS Score
6.5
EPSS Score
0.005
Published
2013-07-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved