Search CVE reports

(A user with access to the cluster with a limited set of privilege acti ...)

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might...

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is...

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command.

An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.

An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints.

Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only.

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash.

MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.