Approved changes feed: RSS · Atom
cpe:2.3:a:mongodb:mongodb:-:*:*:*:*:*:*:*
part: a version: - update: *
| Vendor | Mongodb (1aa156a6-63a9-5032-baaf-10197d408a1e) |
|---|---|
| Product | Mongodb (fa9f1f9b-0cc9-5830-a189-b908276ac432) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/mongodb |
purl2cpe | 2026-06-01 10:11:17.753400 |
pkg:deb/ubuntu/mongodb |
purl2cpe | 2026-06-01 10:11:17.753401 |
pkg:github/mongodb/mongo |
purl2cpe | 2026-06-01 10:11:17.753403 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-32039 |
vulnerable | 2026-06-03 14:44:34.273614 |
MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text
MEDIUM (5.5)
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0
Published: 2022-01-20T14:50:10.319Z
Updated: 2024-09-17T01:51:09.452Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-7923 |
vulnerable | 2026-06-03 14:43:07.736273 |
Specific GeoQuery can cause DoS against MongoDB Server
MEDIUM (6.5)
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19.
Published: 2020-08-21T14:25:12.201Z
Updated: 2024-09-17T02:27:47.252Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2665 |
vulnerable | 2026-06-03 14:37:07.938904 |
Details available
MEDIUM (4.8)
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text.
Published: 2018-07-06T13:00:00.000Z
Updated: 2024-08-05T14:02:07.257Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.