Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache couchdb - vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2010-3854
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 up to and including 1.0.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Apache Couchdb 0.9.0
Apache Couchdb 0.11.1
Apache Couchdb 0.9.1
Apache Couchdb 1.0.1
Apache Couchdb 0.11.0
Apache Couchdb 0.10.2
Apache Couchdb 1.0.0
Apache Couchdb 0.8.1
Apache Couchdb 0.10.1
Apache Couchdb 0.9.2
Apache Couchdb 0.11.2
Apache Couchdb 0.10.0
Apache Couchdb 0.8.0
605
VMScore
CVE-2010-2234
Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 up to and including 0.11.0 allows remote malicious users to hijack the authentication of administrators for direct requests to an installation URL.
Apache Couchdb 0.8.0
Apache Couchdb 0.10.1
Apache Couchdb 0.10.0
Apache Couchdb 0.8.1
Apache Couchdb 0.11.0
Apache Couchdb 0.9.2
Apache Couchdb 0.9.1
Apache Couchdb 0.9.0
605
VMScore
CVE-2012-5649
Apache CouchDB prior to 1.0.4, 1.1.x prior to 1.1.2, and 1.2.x prior to 1.2.1 allows remote malicious users to execute arbitrary code via a JSONP callback, related to Adobe Flash.
Apache Couchdb
Apache Couchdb 1.0.2
Apache Couchdb 1.0.1
Apache Couchdb 1.0.0
Apache Couchdb 1.1.1
Apache Couchdb 1.2.0
Apache Couchdb 1.1.0
383
VMScore
CVE-2012-5650
Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB prior to 1.0.4, 1.1.x prior to 1.1.2, and 1.2.x prior to 1.2.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite.
Apache Couchdb 1.0.2
Apache Couchdb 1.1.0
Apache Couchdb 1.0.1
Apache Couchdb 1.0.0
Apache Couchdb 1.2.0
Apache Couchdb
Apache Couchdb 1.1.1
383
VMScore
CVE-2010-0009
Apache CouchDB 0.8.0 up to and including 0.10.1 allows remote malicious users to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
Apache Couchdb 0.9.1
Apache Couchdb 0.9.0
Apache Couchdb 0.10.1
Apache Couchdb 0.10.0
Apache Couchdb 0.9.2
Apache Couchdb 0.8.1
Apache Couchdb 0.8.0
1000
VMScore
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB prior to 1.7.0 and 2.x prior to 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including ...
Apache Couchdb
Apache Couchdb 2.0.0
2 EDB exploits
6 Github repositories
912
VMScore
CVE-2017-12636
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB prior to 1.7.0 and 2.x prior to 2...
Apache Couchdb
Apache Couchdb 2.0.0
2 EDB exploits
5 Github repositories
445
VMScore
CVE-2012-5641
Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb prior to 2.4.0, as used in Apache CouchDB prior to 1.0.4, 1.1.x prior to 1.1.2, and 1.2.x prior to 1.2.1, allows remote malicious users to read arbitrary files via a ..\ (dot dot backsla...
Apache Couchdb 1.1.1
Apache Couchdb 1.2.0
Mochiweb Project Mochiweb 2.3.0
Mochiweb Project Mochiweb 2.2.1
Apache Couchdb 1.1.0
Mochiweb Project Mochiweb
Mochiweb Project Mochiweb 2.3.1
Apache Couchdb 1.0.1
Apache Couchdb 1.0.0
Apache Couchdb
Apache Couchdb 1.0.2
Mochiweb Project Mochiweb 2.2.0
Mochiweb Project Mochiweb 2.1.0
534
VMScore
CVE-2021-38295
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML ...
Apache Couchdb
1 Github repository
578
VMScore
CVE-2018-17188
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities...
Apache Couchdb
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »