Download
| Alert*
oval:org.secpod.oval:def:704529
mongodb is installed oval:org.secpod.oval:def:108564 mongodb is installed oval:org.secpod.oval:def:605174 mongodb is installed oval:org.secpod.oval:def:108563 Mongo is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the following features: * Collection oriented storage: easy storage of object/JSON-style data * Dynamic queries * Full index support, including on inner objects and embedded arrays ... oval:org.secpod.oval:def:113952 Mongo is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the following features: * Collection oriented storage: easy storage of object/JSON-style data * Dynamic queries * Full index support, including on inner objects and embedded arrays ... oval:org.secpod.oval:def:113965 Mongo is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the following features: * Collection oriented storage: easy storage of object/JSON-style data * Dynamic queries * Full index support, including on inner objects and embedded arrays ... oval:org.secpod.oval:def:115210 Mongo is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the following features: * Collection oriented storage: easy storage of object/JSON-style data * Dynamic queries * Full index support, including on inner objects and embedded arrays ... oval:org.secpod.oval:def:111395 Mongo is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the following features: * Collection oriented storage: easy storage of object/JSON-style data * Dynamic queries * Full index support, including on inner objects and embedded arrays ... oval:org.secpod.oval:def:111403 Mongo is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the following features: * Collection oriented storage: easy storage of object/JSON-style data * Dynamic queries * Full index support, including on inner objects and embedded arrays ... oval:org.secpod.oval:def:1900544 The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by read ing these files. oval:org.secpod.oval:def:1901569 mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service by leveraging in-memory database representation when authenticating against a non-existent database. oval:org.secpod.oval:def:75979 mongodb: object/document-oriented database MongoDB could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:2004190 Improper serialization of internal state in the authorization subsystem in MongoDB Server"s authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects: MongoDB Inc. MongoDB Server 4.2 versions prio ... oval:org.secpod.oval:def:2004191 A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem"s support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.0-rc7; v4. ... oval:org.secpod.oval:def:2005279 Incorrect scoping of kill operations in MongoDB Server"s packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4 ... oval:org.secpod.oval:def:60418 The host is installed with MongoDB 4.0 before 4.0.11, 3.6 before 3.6.14 or 3.4 before 3.4.22 and is prone to a code injection vulnerability. A flaw is present in the application which fails to handle OPENSSL configuration files. Successful exploitation allows an attacker to place arbitrary code in t ... oval:org.secpod.oval:def:60417 The host is installed with MongoDB 4.0 before 4.0.11, 3.6 before 3.6.14 or 3.4 before 3.4.22 and is prone to an improper input vulnerability. A flaw is present in the application which fails to handle SysV init scripts. Successful exploitation allows an attacker to insert arbitrary PIDs to be killed ... oval:org.secpod.oval:def:2005280 After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user"s session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior t ... oval:org.secpod.oval:def:60413 The host is installed with MongoDB 4.0 before 4.0.9, 3.6 before 3.6.13 or 3.4 before 3.4.22 and is prone to an improper authorization vulnerability. A flaw is present in the application which fails to validate authorization of sessions. Successful exploitation allows an attacker to access data by re ... |