GCVE - cpe:2.3:a:mongodb:mongodb:2.6.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mongodb:mongodb:2.6.0:*:*:*:*:*:*:*

part: a version: 2.6.0 update: *

Vendor	Mongodb (`1aa156a6-63a9-5032-baaf-10197d408a1e`)
Product	Mongodb (`fa9f1f9b-0cc9-5830-a189-b908276ac432`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/mongodb`	purl2cpe	2026-06-01 10:11:17.774799
`pkg:deb/ubuntu/mongodb`	purl2cpe	2026-06-01 10:11:17.774800
`pkg:github/mongodb/mongo`	purl2cpe	2026-06-01 10:11:17.774802

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-3104`	vulnerable	2026-06-03 14:35:45.151812	Details available mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. Published: 2017-04-14T18:00:00.000Z Updated: 2024-08-05T23:47:56.936Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=1324496 http://www.securityfocus.com/bid/94929 https://jira.mongodb.org/browse/SERVER-24378	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-1609`	vulnerable	2026-06-03 14:34:39.770253	Details available MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. Published: 2015-03-30T14:00:00.000Z Updated: 2024-08-06T04:47:17.478Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152493.html https://security.gentoo.org/glsa/201611-13 http://www.splunk.com/view/SP-CAAAPC3 http://www.securitytracker.com/id/1034466 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153690.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3971`	vulnerable	2026-06-03 14:34:02.291090	Details available The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. Published: 2014-12-25T11:00:00.000Z Updated: 2024-08-06T10:57:17.943Z Open on db.gcve.eu Reference links https://github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251b https://jira.mongodb.org/browse/SERVER-13753	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.