CVE-2024-7553
- EPSS 0.14%
- Published 07.08.2024 10:15:39
- Last modified 19.09.2024 20:46:04
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of ...
CVE-2023-0437
- EPSS 0.04%
- Published 12.01.2024 14:15:47
- Last modified 13.02.2025 17:15:55
When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.
CVE-2021-32050
- EPSS 0.04%
- Published 29.08.2023 16:15:08
- Last modified 13.02.2025 17:15:29
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are ...
CVE-2020-12135
- EPSS 0.35%
- Published 24.04.2020 01:15:11
- Last modified 21.11.2024 04:59:19
bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.