Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache couchdb - vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2010-3854
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 up to and including 1.0.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Apache Couchdb 0.9.0
Apache Couchdb 0.11.1
Apache Couchdb 0.9.1
Apache Couchdb 1.0.1
Apache Couchdb 0.11.0
Apache Couchdb 0.10.2
Apache Couchdb 1.0.0
Apache Couchdb 0.8.1
Apache Couchdb 0.10.1
Apache Couchdb 0.9.2
Apache Couchdb 0.11.2
Apache Couchdb 0.10.0
Apache Couchdb 0.8.0
6.8
CVSSv2
CVE-2010-2234
Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 up to and including 0.11.0 allows remote malicious users to hijack the authentication of administrators for direct requests to an installation URL.
Apache Couchdb 0.8.0
Apache Couchdb 0.10.1
Apache Couchdb 0.10.0
Apache Couchdb 0.8.1
Apache Couchdb 0.11.0
Apache Couchdb 0.9.2
Apache Couchdb 0.9.1
Apache Couchdb 0.9.0
4.3
CVSSv2
CVE-2012-5650
Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB prior to 1.0.4, 1.1.x prior to 1.1.2, and 1.2.x prior to 1.2.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite.
Apache Couchdb 1.0.2
Apache Couchdb 1.1.0
Apache Couchdb 1.0.1
Apache Couchdb 1.0.0
Apache Couchdb 1.2.0
Apache Couchdb
Apache Couchdb 1.1.1
6.8
CVSSv2
CVE-2012-5649
Apache CouchDB prior to 1.0.4, 1.1.x prior to 1.1.2, and 1.2.x prior to 1.2.1 allows remote malicious users to execute arbitrary code via a JSONP callback, related to Adobe Flash.
Apache Couchdb
Apache Couchdb 1.0.2
Apache Couchdb 1.0.1
Apache Couchdb 1.0.0
Apache Couchdb 1.1.1
Apache Couchdb 1.2.0
Apache Couchdb 1.1.0
4.3
CVSSv2
CVE-2010-0009
Apache CouchDB 0.8.0 up to and including 0.10.1 allows remote malicious users to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
Apache Couchdb 0.9.1
Apache Couchdb 0.9.0
Apache Couchdb 0.10.1
Apache Couchdb 0.10.0
Apache Couchdb 0.9.2
Apache Couchdb 0.8.1
Apache Couchdb 0.8.0
10
CVSSv2
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB prior to 1.7.0 and 2.x prior to 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including ...
Apache Couchdb
Apache Couchdb 2.0.0
2 EDB exploits
6 Github repositories
9
CVSSv2
CVE-2017-12636
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB prior to 1.7.0 and 2.x prior to 2...
Apache Couchdb
Apache Couchdb 2.0.0
2 EDB exploits
5 Github repositories
5
CVSSv2
CVE-2012-5641
Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb prior to 2.4.0, as used in Apache CouchDB prior to 1.0.4, 1.1.x prior to 1.1.2, and 1.2.x prior to 1.2.1, allows remote malicious users to read arbitrary files via a ..\ (dot dot backsla...
Apache Couchdb 1.1.1
Apache Couchdb 1.2.0
Mochiweb Project Mochiweb 2.3.0
Mochiweb Project Mochiweb 2.2.1
Apache Couchdb 1.1.0
Mochiweb Project Mochiweb
Mochiweb Project Mochiweb 2.3.1
Apache Couchdb 1.0.1
Apache Couchdb 1.0.0
Apache Couchdb
Apache Couchdb 1.0.2
Mochiweb Project Mochiweb 2.2.0
Mochiweb Project Mochiweb 2.1.0
6
CVSSv2
CVE-2021-38295
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML ...
Apache Couchdb
1 Github repository
9
CVSSv2
CVE-2018-11769
CouchDB administrative users prior to 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the...
Apache Couchdb
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAP
CVE-2024-4367
server-side request forgery
information disclosure
CVE-2024-34342
CVE-2024-4281
CVE-2024-3507
CVE-2024-25560
CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »