FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a8448963-e6f5-11ee-a784-dca632daf43bdatabases/mongodb* -- Improper Certificate Validation

MongoDB, Inc. reports:

A security vulnerability was found where a server process running MongoDB 3.2.6 or later will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured (CVE-2024-1351).


Discovery 2024-03-07
Entry 2024-03-20
mongodb44
< 4.4.29

mongodb50
< 5.0.25

mongodb60
< 6.0.14

mongodb70
< 7.0.6

CVE-2024-1351
https://nvd.nist.gov/vuln/detail/CVE-2024-1351
28ffa931-a510-11ef-8109-b42e991fc52emongodb -- Buffer over-reads in MongoDB Server

cna@mongodb.com reports:

An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server.


Discovery 2024-11-14
Entry 2024-11-17
mongodb50
< 5.0.30

mongodb60
< 6.0.19

mongodb70
< 7.0.15

mongodb80
< 8.0.2

CVE-2024-10921
https://nvd.nist.gov/vuln/detail/CVE-2024-10921