CVE-2013-3969 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3969): The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object. CVE-2013-1892 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1892): MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
Fixed versions have already been in the tree and vulnerable versions have been dropped. Closing noglsa.