Filtered by vendor Mongodb
Subscribe
Total
65 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-1609 | 2 Fedoraproject, Mongodb | 2 Fedora, Mongodb | 2023-12-10 | 5.0 MEDIUM | N/A |
MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | |||||
CVE-2013-4650 | 1 Mongodb | 1 Mongodb | 2023-12-10 | 6.5 MEDIUM | N/A |
MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database. | |||||
CVE-2013-3969 | 1 Mongodb | 1 Mongodb | 2023-12-10 | 6.5 MEDIUM | N/A |
The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object. | |||||
CVE-2013-1892 | 2 Mongodb, Redhat | 2 Mongodb, Enterprise Mrg | 2023-12-10 | 6.0 MEDIUM | N/A |
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument. | |||||
CVE-2013-2132 | 3 Canonical, Mongodb, Opensuse | 3 Ubuntu Linux, Mongodb, Opensuse | 2023-12-10 | 4.3 MEDIUM | N/A |
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef." |