Information on source package mongodb

Available versions

ReleaseVersion
stretch1:3.2.11-2+deb9u1
stretch (security)1:3.2.11-2+deb9u2

Open issues

BugstretchDescription
CVE-2021-20326vulnerableA user authorized to performing a specific type of find query may trig ...
CVE-2020-7929vulnerableA user authorized to perform database queries may trigger denial of se ...
CVE-2020-7926vulnerable (no DSA, postponed)A user authorized to perform database queries may cause denial of serv ...
CVE-2020-7921vulnerable (no DSA)Improper serialization of internal state in the authorization subsyste ...
CVE-2019-2393vulnerable (no DSA, postponed)A user authorized to perform database queries may trigger denial of se ...
CVE-2019-2392vulnerable (no DSA, postponed)A user authorized to perform database queries may trigger denial of se ...
CVE-2019-2389vulnerable (no DSA, ignored)Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...
CVE-2019-2386vulnerable (no DSA, ignored)After user deletion in MongoDB Server the improper invalidation of aut ...
CVE-2018-25004vulnerableA user authorized to performing a specific type of query may trigger a ...
CVE-2018-20803vulnerable (no DSA, postponed)A user authorized to perform database queries may trigger denial of se ...

Open unimportant issues

BugstretchDescription
CVE-2015-2328vulnerablePCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related ...
CVE-2015-2327vulnerablePCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern ...

Resolved issues

BugDescription
TEMP-0833087-C5410Dbruteforcable challenge responses in unprotected logfile
CVE-2020-7928A user authorized to perform database queries may trigger a read overr ...
CVE-2020-7925Incorrect validation of user input in the role name parser may lead to ...
CVE-2020-7923A user authorized to perform database queries may cause denial of serv ...
CVE-2019-20925An unauthenticated client can trigger denial of service by issuing spe ...
CVE-2019-20924A user authorized to perform database queries may trigger denial of se ...
CVE-2019-20923A user authorized to perform database queries may trigger denial of se ...
CVE-2018-20805A user authorized to perform database queries may trigger denial of se ...
CVE-2018-20804A user authorized to perform database queries may trigger denial of se ...
CVE-2018-20802A user authorized to perform database queries may trigger denial of se ...
CVE-2017-15535MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by- ...
CVE-2016-6494The client in MongoDB uses world-readable permissions on .dbshell hist ...
CVE-2016-3104mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remot ...
CVE-2015-7882Improper handling of LDAP authentication in MongoDB Server versions 3. ...
CVE-2015-1609MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers t ...
CVE-2014-3971The CmdAuthenticate::_authenticateX509 function in db/commands/authent ...
CVE-2013-4650MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authen ...
CVE-2013-3969The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2 ...
CVE-2013-1892MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate ...
CVE-2012-6619The default configuration for MongoDB before 2.3.2 does not validate o ...

Security announcements

DSA / DLADescription
DLA-2344-1mongodb - security update
DLA-588-2mongodb - regression update
DLA-588-1mongodb - security update

Search for package or bug name: Reporting problems