📦 MongoDB
by MongoDB
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability in MongoDB allows connections from proxy ports to bypass connection counting, potentially causing server crashes when connection limits are exceeded. It affects MongoDB servers with...
This vulnerability allows unauthenticated clients to read uninitialized heap memory from MongoDB servers by exploiting mismatched length fields in Zlib compressed protocol headers. This could leak sen...
This vulnerability allows unauthorized users to bypass MongoDB's authorization controls by exploiting a flaw in the $mergeCursors aggregation pipeline stage. Attackers can access data they shouldn't h...
MongoDB Server is vulnerable to denial of service when processing specific date values in JSON input during OIDC authentication. An attacker can crash the server by sending a malicious payload, affect...
This vulnerability allows improper authentication in MongoDB servers when TLS with CRL revocation checking is enabled on Linux systems. It affects MongoDB X509 authentication and intra-cluster authent...
A vulnerability in MongoDB's mongos query router allows unauthenticated attackers to send specially crafted wire protocol messages that cause the service to crash during command validation. This affec...
A buffer overflow vulnerability in MongoDB's C driver library (libbson) allows attackers to cause segmentation faults and application crashes by creating BSON documents exceeding maximum size limits. ...
CVE-2024-3372 is an improper input validation vulnerability in MongoDB Server that allows pre-authentication attackers to send malformed metadata causing BSON serialization errors. This can lead to un...
This MongoDB vulnerability allows authenticated users to maintain authorization sessions after their accounts are deleted, potentially gaining access to new accounts that reuse the same username. It a...
An authenticated MongoDB user can crash the database server by executing a query that targets a collection with an invalid compound wildcard index. This affects MongoDB deployments where users have qu...
This MongoDB vulnerability allows authenticated users to bypass intended read-only restrictions on the 'filter' parameter in profile commands, potentially modifying database behavior. It affects Mongo...
This vulnerability allows attackers to crash MongoDB servers by sending complex queries that trigger excessive memory usage in the query planner. All MongoDB deployments using affected versions are vu...
A post-authentication flaw in MongoDB's two-phase commit protocol for cross-shard transactions can cause logical data inconsistencies under specific, unpredictable conditions. This may lead to misinte...
MongoDB Server may crash due to an invariant failure during batched delete operations when handling documents. The server incorrectly assumes multiple documents exist in a batch based on document size...
This vulnerability in MongoDB Server allows oversized BSON documents to bypass initial size validation in time series processing, causing an assertion failure that terminates the server process. It af...
This CVE describes a TLS certificate validation bypass vulnerability in MongoDB servers. On Windows and Apple systems, MongoDB may accept client certificates missing the required clientAuth extended k...
MongoDB's KMIP response parser accepts malformed packets that create invalid objects, causing read access violations when accessed. This affects MongoDB instances using KMIP for key management. The vu...
An authorized MongoDB user can cause a denial of service by sending specially crafted $group queries with certain accumulator functions. This vulnerability affects MongoDB Server versions 6.0 before 6...
An improper handling of the lsid field in sharded queries can cause MongoDB routers to crash when this field is provided in contexts where it's not applicable. This affects MongoDB Server versions 6.0...
MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, causing an invariant failure and server crash during commit. This affects MongoDB Server v6...
An authorized MongoDB user can cause a server crash by issuing queries containing duplicate _id fields, leading to denial of service. This affects MongoDB Server v8.1.0 specifically. Only authenticate...
MongoDB Server versions 8.0 prior to 8.0.10 have a memory management vulnerability where certain internal operations can cause excessive memory consumption, potentially leading to server crashes and d...
An authenticated MongoDB user can trigger a use-after-free vulnerability by executing specific aggregation pipeline operations, causing server crashes even without shutdown privileges. This affects Mo...
An authenticated MongoDB user can cause server crashes or read unauthorized memory contents by sending specially crafted requests with malformed BSON. This affects MongoDB Server versions 5.0 before 5...
MongoDB Server v6.0.3 contains a memory access vulnerability in internal aggregation stage processing when zero arguments are called. This could lead to crashes, data corruption, or potential informat...
This vulnerability allows an attacker with host-level access on Linux systems to manipulate MongoDB server startup to load malicious shared libraries, potentially gaining full control over the MongoDB...
This vulnerability allows authenticated MongoDB users to bypass IP whitelisting protection after administrative actions like role modifications. It affects MongoDB Server versions 3.6 prior to 3.6.18,...
A privilege escalation vulnerability in MongoDB Server allows users with limited privileges to terminate queries executed by other users, causing denial of service by preventing queries from completin...