Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
couchbase vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-37842
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a...
Couchbase Couchbase Server 7.0.0
Couchbase Couchbase Server 7.0.1
694
VMScore
CVE-2019-11467
In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer serv...
Couchbase Couchbase Server 5.5.0
Couchbase Couchbase Server 4.6.3
383
VMScore
CVE-2019-11464
Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-...
Couchbase Couchbase Server 5.5.0
Couchbase Couchbase Server 5.1.2
445
VMScore
CVE-2020-9041
In Couchbase Server 6.0.3 and Couchbase Sync Gateway up to and including 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections.
Couchbase Couchbase Server 6.0.3
Couchbase Sync Gateway
312
VMScore
CVE-2021-27925
An issue exists in Couchbase Server 6.5.x and 6.6.x up to and including 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leake...
Couchbase Couchbase Server
445
VMScore
CVE-2022-33173
An algorithm-downgrade issue exists in Couchbase Server prior to 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead.
Couchbase Couchbase Server
NA
CVE-2022-32556
An issue exists in Couchbase Server prior to 7.0.4. A private key is leaked to the log files with certain crashes.
Couchbase Couchbase Server
312
VMScore
CVE-2022-32561
An issue exists in Couchbase Server prior to 6.6.5 and 7.x prior to 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it exists that diagnostic endpoints could still be accessed from the network.
Couchbase Couchbase Server
445
VMScore
CVE-2022-32564
An issue exists in Couchbase Server prior to 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.
Couchbase Couchbase Server
356
VMScore
CVE-2021-33504
Couchbase Server prior to 7.1.0 has Incorrect Access Control.
Couchbase Couchbase Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »