Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
couchbase vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-11464
Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-...
Couchbase Couchbase Server 5.5.0
Couchbase Couchbase Server 5.1.2
5.3
CVSSv3
CVE-2019-11466
In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.
Couchbase Couchbase Server 5.5.0
Couchbase Couchbase Server 6.0.0
7.5
CVSSv3
CVE-2019-11467
In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer serv...
Couchbase Couchbase Server 5.5.0
Couchbase Couchbase Server 4.6.3
7.5
CVSSv3
CVE-2020-9041
In Couchbase Server 6.0.3 and Couchbase Sync Gateway up to and including 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections.
Couchbase Couchbase Server 6.0.3
Couchbase Sync Gateway
7.5
CVSSv3
CVE-2022-32192
Couchbase Server 5.x up to and including 7.x prior to 7.0.4 exposes Sensitive Information to an Unauthorized Actor.
Couchbase Couchbase Server
7.5
CVSSv3
CVE-2022-32557
An issue exists in Couchbase Server prior to 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers.
Couchbase Couchbase Server
7.5
CVSSv3
CVE-2022-32560
An issue exists in Couchbase Server prior to 7.0.4. XDCR lacks role checking when changing internal settings.
Couchbase Couchbase Server
4.9
CVSSv3
CVE-2022-32561
An issue exists in Couchbase Server prior to 6.6.5 and 7.x prior to 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it exists that diagnostic endpoints could still be accessed from the network.
Couchbase Couchbase Server
8.8
CVSSv3
CVE-2022-32562
An issue exists in Couchbase Server prior to 7.0.4. Operations may succeed on a collection using stale RBAC permission.
Couchbase Couchbase Server
6.5
CVSSv3
CVE-2021-31158
In the Query Engine in Couchbase Server 6.5.x and 6.6.x up to and including 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access.
Couchbase Couchbase Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »