Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
couchbase couchbase server vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-27924
An issue exists in Couchbase Server 6.x up to and including 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.
Couchbase Couchbase Server
312
VMScore
CVE-2021-27925
An issue exists in Couchbase Server 6.5.x and 6.6.x up to and including 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leake...
Couchbase Couchbase Server
NA
CVE-2022-32556
An issue exists in Couchbase Server prior to 7.0.4. A private key is leaked to the log files with certain crashes.
Couchbase Couchbase Server
445
VMScore
CVE-2022-32560
An issue exists in Couchbase Server prior to 7.0.4. XDCR lacks role checking when changing internal settings.
Couchbase Couchbase Server
356
VMScore
CVE-2021-33504
Couchbase Server prior to 7.1.0 has Incorrect Access Control.
Couchbase Couchbase Server
570
VMScore
CVE-2019-11496
In versions of Couchbase Server before 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" were changed to only allow access by authenti...
Couchbase Couchbase Server
NA
CVE-2022-42950
An issue exists in Couchbase Server 7.x prior to 7.0.5 and 7.1.x prior to 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of servic...
Couchbase Couchbase Server
NA
CVE-2022-42951
An issue exists in Couchbase Server 6.5.x and 6.6.x prior to 6.6.6, 7.x prior to 7.0.5, and 7.1.x prior to 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can conne...
Couchbase Couchbase Server
890
VMScore
CVE-2020-24719
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use t...
Couchbase Couchbase Server
NA
CVE-2022-34826
In Couchbase Server 7.1.x prior to 7.1.1, an encrypted Private Key passphrase may be leaked in the logs.
Couchbase Couchbase Server 7.1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »