Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
couchbase couchbase server vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2020-24719
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use t...
Couchbase Couchbase Server
801
VMScore
CVE-2018-15728
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the co...
Couchbase Couchbase Server -
801
VMScore
CVE-2018-8007
Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operati...
Apache Couchdb
694
VMScore
CVE-2019-11467
In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer serv...
Couchbase Couchbase Server 5.5.0
Couchbase Couchbase Server 4.6.3
668
VMScore
CVE-2021-35943
Couchbase Server 6.5.x and 6.6.x up to and including 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513.
Couchbase Couchbase Server
668
VMScore
CVE-2020-9039
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 up to and including 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector proce...
Couchbase Couchbase Server 4.0.0
Couchbase Couchbase Server 4.1.0
Couchbase Couchbase Server 4.1.1
Couchbase Couchbase Server 4.5.0
Couchbase Couchbase Server 4.5.1
Couchbase Couchbase Server
Couchbase Couchbase Server 5.0.0
Couchbase Couchbase Server 5.1.1
Couchbase Couchbase Server 5.5.0
Couchbase Couchbase Server 5.5.1
668
VMScore
CVE-2019-11495
In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute c...
Couchbase Couchbase Server 5.1.1
605
VMScore
CVE-2022-32563
An issue exists in Couchbase Sync Gateway 3.x prior to 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client cert...
Couchbase Sync Gateway
1 Github repository
605
VMScore
CVE-2020-9042
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request.
Couchbase Couchbase Server 6.0.0
578
VMScore
CVE-2022-32562
An issue exists in Couchbase Server prior to 7.0.4. Operations may succeed on a collection using stale RBAC permission.
Couchbase Couchbase Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »