FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
d0be8e1f-b19a-11ea-94aa-b827eb2f57d4 | MongoDB -- Ensure RoleGraph can serialize authentication restrictions to BSON

reports:

Improper serialization of MongoDB Server's internal authorization state permits a user with valid credentials to bypass IP source address protection mechanisms following administrative action.

Credit

Discovered by Tony Yesudas.


Discovery 2020-01-10
Entry 2020-06-29
mongodb36 < 3.6.18
mongodb40 < 4.0.15
mongodb42 < 4.2.3

CVE-2020-7921
fd2e0ca8-e3ae-11e9-8af7-08002720423d | mongodb -- Bump Windows package dependencies

Rich Mirch reports:

An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker-defined code as the user running the utility.


Discovery 2019-08-06
Entry 2019-09-30
mongodb34 < 3.4.22
mongodb36 < 3.6.14
mongodb40 < 4.0.11

CVE-2019-2390
https://jira.mongodb.org/browse/SERVER-42233
273c6c43-e3ad-11e9-8af7-08002720423d | mongodb -- Our init scripts check /proc/[pid]/stat should validate that `(${procname})` is the process' command name.

Sicheng Liu of Beijing DBSEC Technology Co., Ltd reports:

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init.


Discovery 2019-08-06
Entry 2019-09-30
mongodb34 < 3.4.22
mongodb36 < 3.6.14
mongodb40 < 4.0.11

CVE-2019-2389
https://jira.mongodb.org/browse/SERVER-40563