Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
couchbase vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-25016
Couchbase Server prior to 6.6.6, 7.x prior to 7.0.5, and 7.1.x prior to 7.1.2 exposes Sensitive Information to an Unauthorized Actor.
Couchbase Couchbase Server
4.4
CVSSv3
CVE-2021-25645
An issue exists in Couchbase Server prior to 6.0.5, 6.1.x up to and including 6.5.x prior to 6.5.2, and 6.6.x prior to 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.l...
Couchbase Couchbase Server
8.8
CVSSv3
CVE-2018-15728
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the co...
Couchbase Couchbase Server -
5.9
CVSSv3
CVE-2021-27924
An issue exists in Couchbase Server 6.x up to and including 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.
Couchbase Couchbase Server
4.4
CVSSv3
CVE-2021-27925
An issue exists in Couchbase Server 6.5.x and 6.6.x up to and including 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leake...
Couchbase Couchbase Server
4.9
CVSSv3
CVE-2021-25643
An issue exists in Couchbase Server 5.x and 6.x prior to 6.5.2 and 6.6.x prior to 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTok...
Couchbase Couchbase Server
9.8
CVSSv3
CVE-2021-35943
Couchbase Server 6.5.x and 6.6.x up to and including 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513.
Couchbase Couchbase Server
9.1
CVSSv3
CVE-2019-11496
In versions of Couchbase Server before 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets including "default" were changed to only allow access by authenti...
Couchbase Couchbase Server
7.5
CVSSv3
CVE-2022-32192
Couchbase Server 5.x up to and including 7.x prior to 7.0.4 exposes Sensitive Information to an Unauthorized Actor.
Couchbase Couchbase Server
5.9
CVSSv3
CVE-2022-34826
In Couchbase Server 7.1.x prior to 7.1.1, an encrypted Private Key passphrase may be leaked in the logs.
Couchbase Couchbase Server 7.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »