Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
couchbase couchbase server - vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-24719
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use t...
Couchbase Couchbase Server
4.9
CVSSv3
CVE-2021-33504
Couchbase Server prior to 7.1.0 has Incorrect Access Control.
Couchbase Couchbase Server
6.5
CVSSv3
CVE-2021-31158
In the Query Engine in Couchbase Server 6.5.x and 6.6.x up to and including 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access.
Couchbase Couchbase Server
4.4
CVSSv3
CVE-2021-25645
An issue exists in Couchbase Server prior to 6.0.5, 6.1.x up to and including 6.5.x prior to 6.5.2, and 6.6.x prior to 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.l...
Couchbase Couchbase Server
9.1
CVSSv3
CVE-2019-11496
In versions of Couchbase Server before 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" were changed to only allow access by authenti...
Couchbase Couchbase Server
7.5
CVSSv3
CVE-2022-32557
An issue exists in Couchbase Server prior to 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers.
Couchbase Couchbase Server
9.1
CVSSv3
CVE-2022-32559
An issue exists in Couchbase Server prior to 7.0.4. Random HTTP requests lead to leaked metrics.
Couchbase Couchbase Server
5.3
CVSSv3
CVE-2022-33911
An issue exists in Couchbase Server 7.x prior to 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information.
Couchbase Couchbase Server
4.9
CVSSv3
CVE-2022-42950
An issue exists in Couchbase Server 7.x prior to 7.0.5 and 7.1.x prior to 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of servic...
Couchbase Couchbase Server
8.1
CVSSv3
CVE-2022-42951
An issue exists in Couchbase Server 6.5.x and 6.6.x prior to 6.6.6, 7.x prior to 7.0.5, and 7.1.x prior to 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can conne...
Couchbase Couchbase Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »