Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache couchdb vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2018-17188
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities...
Apache Couchdb
6
CVSSv2
CVE-2021-38295
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML ...
Apache Couchdb
1 Github repository
5
CVSSv2
CVE-2014-2668
Apache CouchDB 1.5.0 and previous versions allows remote malicious users to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
Apache Couchdb
1 EDB exploit
5
CVSSv2
CVE-2012-5641
Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb prior to 2.4.0, as used in Apache CouchDB prior to 1.0.4, 1.1.x prior to 1.1.2, and 1.2.x prior to 1.2.1, allows remote malicious users to read arbitrary files via a ..\ (dot dot backsla...
Apache Couchdb 1.1.1
Apache Couchdb 1.2.0
Mochiweb Project Mochiweb 2.3.0
Mochiweb Project Mochiweb 2.2.1
Apache Couchdb 1.1.0
Mochiweb Project Mochiweb
Mochiweb Project Mochiweb 2.3.1
Apache Couchdb 1.0.1
Apache Couchdb 1.0.0
Apache Couchdb
Apache Couchdb 1.0.2
Mochiweb Project Mochiweb 2.2.0
Mochiweb Project Mochiweb 2.1.0
4.6
CVSSv2
CVE-2018-14889
CouchDB in Vectra Networks Cognito Brain and Sensor prior to 4.3 contains a local code execution vulnerability.
Apache Couchdb -
4.3
CVSSv2
CVE-2012-5650
Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB prior to 1.0.4, 1.1.x prior to 1.1.2, and 1.2.x prior to 1.2.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite.
Apache Couchdb 1.0.2
Apache Couchdb 1.1.0
Apache Couchdb 1.0.1
Apache Couchdb 1.0.0
Apache Couchdb 1.2.0
Apache Couchdb
Apache Couchdb 1.1.1
4.3
CVSSv2
CVE-2010-3854
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 up to and including 1.0.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Apache Couchdb 0.9.0
Apache Couchdb 0.11.1
Apache Couchdb 0.9.1
Apache Couchdb 1.0.1
Apache Couchdb 0.11.0
Apache Couchdb 0.10.2
Apache Couchdb 1.0.0
Apache Couchdb 0.8.1
Apache Couchdb 0.10.1
Apache Couchdb 0.9.2
Apache Couchdb 0.11.2
Apache Couchdb 0.10.0
Apache Couchdb 0.8.0
4.3
CVSSv2
CVE-2010-0009
Apache CouchDB 0.8.0 up to and including 0.10.1 allows remote malicious users to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
Apache Couchdb 0.9.1
Apache Couchdb 0.9.0
Apache Couchdb 0.10.1
Apache Couchdb 0.10.0
Apache Couchdb 0.9.2
Apache Couchdb 0.8.1
Apache Couchdb 0.8.0
NA
CVE-2023-45725
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: * list * show * rewrite * update An attacker can leak the session component using an H...
Apache Couchdb
NA
CVE-2023-26268
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list * filter * filter views (using view functions as filters) * rewrite * update This d...
Apache Couchdb
Ibm Cloudant
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2