CVE-2021-32036

HIGH Year: 2021
CVSS v3 Score
7.1
High
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-770
View all →

Vulnerability Description

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28

Related Vulnerabilities

CVE-2022-2134

HIGH
CVSS:7.1(High)

Allocation of Resources Without Limits or Throttling in GitHub repository inventree/inventree prior to 0.8.0.

CWE-7702022

CVE-2022-28655

HIGH
CVSS:7.1(High)

is_closing_session() allows users to create arbitrary tcp dbus connections

CWE-7702022

CVE-2023-5289

HIGH
CVSS:7.1(High)

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4.

CWE-7702023

CVE-2024-22255

HIGH
CVSS:7.1(High)

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploi...

CWE-7702024

CVE-2017-0612

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the ...

CWE-7702017

CVE-2024-34027

HIGH
CVSS:7.0(High)

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock It needs to cover {reserve,release}_compress_block...

CWE-7702024