Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized …

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHe…

The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authen…

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-mop…

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remo…

MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of servi…

In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson…

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB,…

mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a de…

All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The pack…

_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver an…

The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5…

It may be possible to have an extremely long aggregation pipeline in conjunction with a specifi…

Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an un…

Incorrect validation of user input in the role name parser may lead to use of uninitialized mem…

An unauthenticated client can trigger denial of service by issuing specially crafted wire proto…

MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain i…

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration set…

A user authorized to perform database queries may trigger denial of service by issuing speciall…

The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in m…

A user authorized to perform database queries may trigger a read overrun and access arbitrary m…

A user authorized to perform database queries may cause denial of service by issuing a speciall…

A user authorized to perform database queries may trigger denial of service by issuing speciall…

A user authorized to perform database queries may trigger denial of service by issuing speciall…

A user authorized to perform database queries may cause denial of service by issuing specially …

Sending specially crafted commands to a MongoDB Server may result in artificial log entries bei…

A user authorized to perform database queries may trigger denial of service by issuing speciall…

A user authorized to perform database queries may trigger denial of service by issuing speciall…

A user authorized to perform database queries may trigger denial of service by issuing speciall…

A user authorized to perform database queries may trigger denial of service by issuing speciall…

A user authorized to perform database queries may trigger denial of service by issuing speciall…

A user authorized to perform database queries may trigger denial of service by issuing speciall…

After user deletion in MongoDB Server the improper invalidation of authorization sessions allow…

An authorized user may trigger an invariant which may result in denial of service or server exi…

bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and ret…

When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be rea…

Under very specific circumstances (see Required configuration section below), a privileged user…

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command…

Specially crafted API calls may allow an authenticated user who holds Organization Owner privil…

An authenticated user without any specific authorizations may be able to repeatedly invoke the …