couchbase vulnerabilities and exploits
801
VMScore
CVE-2018-15728
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the co...
Couchbase Couchbase Server -
NA
CVE-2023-28470
In Couchbase Server 5 through 7 prior to 7.1.4, the nsstats endpoint is accessible without authentication.
Couchbase Couchbase Server
570
VMScore
CVE-2019-11496
In versions of Couchbase Server before 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" was changed to only allow access by authenti...
Couchbase Couchbase Server
445
VMScore
CVE-2022-32560
An issue exists in Couchbase Server prior to 7.0.4. XDCR lacks role checking when changing internal settings.
Couchbase Couchbase Server
668
VMScore
CVE-2021-35943
Couchbase Server 6.5.x and 6.6.x up to and including 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513.
Couchbase Couchbase Server
445
VMScore
CVE-2022-33911
An issue exists in Couchbase Server 7.x prior to 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information.
Couchbase Couchbase Server
445
VMScore
CVE-2022-32192
Couchbase Server 5.x up to and including 7.x prior to 7.0.4 exposes Sensitive Information to an Unauthorized Actor.
Couchbase Couchbase Server
NA
CVE-2023-25016
Couchbase Server prior to 6.6.6, 7.x prior to 7.0.5, and 7.1.x prior to 7.1.2 exposes Sensitive Information to an Unauthorized Actor.
Couchbase Couchbase Server
356
VMScore
CVE-2021-31158
In the Query Engine in Couchbase Server 6.5.x and 6.6.x up to and including 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access.
Couchbase Couchbase Server
356
VMScore
CVE-2021-25643
An issue exists in Couchbase Server 5.x and 6.x prior to 6.5.2 and 6.6.x prior to 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTok...
Couchbase Couchbase Server