Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
couchdb vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2010-2234
Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 up to and including 0.11.0 allows remote malicious users to hijack the authentication of administrators for direct requests to an installation URL.
Apache Couchdb 0.8.0
Apache Couchdb 0.10.1
Apache Couchdb 0.10.0
Apache Couchdb 0.8.1
Apache Couchdb 0.11.0
Apache Couchdb 0.9.2
Apache Couchdb 0.9.1
Apache Couchdb 0.9.0
6.5
CVSSv2
CVE-2018-17188
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities...
Apache Couchdb
6
CVSSv2
CVE-2021-38295
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML ...
Apache Couchdb
1 Github repository
5
CVSSv2
CVE-2014-2668
Apache CouchDB 1.5.0 and previous versions allows remote malicious users to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
Apache Couchdb
1 EDB exploit
5
CVSSv2
CVE-2012-5641
Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb prior to 2.4.0, as used in Apache CouchDB prior to 1.0.4, 1.1.x prior to 1.1.2, and 1.2.x prior to 1.2.1, allows remote malicious users to read arbitrary files via a ..\ (dot dot backsla...
Apache Couchdb 1.1.1
Apache Couchdb 1.2.0
Mochiweb Project Mochiweb 2.3.0
Mochiweb Project Mochiweb 2.2.1
Apache Couchdb 1.1.0
Mochiweb Project Mochiweb
Mochiweb Project Mochiweb 2.3.1
Apache Couchdb 1.0.1
Apache Couchdb 1.0.0
Apache Couchdb
Apache Couchdb 1.0.2
Mochiweb Project Mochiweb 2.2.0
Mochiweb Project Mochiweb 2.1.0
4.6
CVSSv2
CVE-2018-14889
CouchDB in Vectra Networks Cognito Brain and Sensor prior to 4.3 contains a local code execution vulnerability.
Apache Couchdb -
4.3
CVSSv2
CVE-2012-5650
Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB prior to 1.0.4, 1.1.x prior to 1.1.2, and 1.2.x prior to 1.2.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite.
Apache Couchdb 1.0.2
Apache Couchdb 1.1.0
Apache Couchdb 1.0.1
Apache Couchdb 1.0.0
Apache Couchdb 1.2.0
Apache Couchdb
Apache Couchdb 1.1.1
4.3
CVSSv2
CVE-2010-3854
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 up to and including 1.0.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Apache Couchdb 0.9.0
Apache Couchdb 0.11.1
Apache Couchdb 0.9.1
Apache Couchdb 1.0.1
Apache Couchdb 0.11.0
Apache Couchdb 0.10.2
Apache Couchdb 1.0.0
Apache Couchdb 0.8.1
Apache Couchdb 0.10.1
Apache Couchdb 0.9.2
Apache Couchdb 0.11.2
Apache Couchdb 0.10.0
Apache Couchdb 0.8.0
4.3
CVSSv2
CVE-2010-0009
Apache CouchDB 0.8.0 up to and including 0.10.1 allows remote malicious users to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
Apache Couchdb 0.9.1
Apache Couchdb 0.9.0
Apache Couchdb 0.10.1
Apache Couchdb 0.10.0
Apache Couchdb 0.9.2
Apache Couchdb 0.8.1
Apache Couchdb 0.8.0
2.1
CVSSv2
CVE-2020-2291
Jenkins couchdb-statistics Plugin 0.3 and previous versions stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Couchdb-statistics
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »