Vulnerabilities (CVE)

Vendor: Couchbase

9 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-9039 1 Couchbase 1 Sync Gateway 2019-09-16 7.5
In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway's public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey"...
CVE-2019-11465 1 Couchbase 1 Couchbase Server 2019-09-13 5.0
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames...
CVE-2019-11496 1 Couchbase 1 Couchbase Server 2019-09-11 6.4
An issue was discovered in Couchbase Server 5.0.0. Editing bucket settings resets credentials, and leads to authorization without credentials.
CVE-2019-11495 1 Couchbase 1 Couchbase Server 2019-09-11 7.5
Couchbase Server 5.1.1 generates insufficiently random numbers. The product hosts many network services by default. One of those services is an epmd service, which allows for node integration between Erlang instances. This service is protected by...
CVE-2019-11497 1 Couchbase 1 Couchbase Server 2019-09-11 5.0
An issue was discovered in Couchbase Server 5.0.0. When creating a new remote cluster reference in Couchbase for XDCR, an invalid certificate is accepted. (The correct behavior is to validate the certificate against the remote cluster.)
CVE-2019-11466 1 Couchbase 2 Server, Couchbase Server 2019-09-11 5.0
An issue was discovered in Couchbase Server 5.5.0 and 6.0.0. The Eventing debug endpoint mishandles authentication and audit.
CVE-2019-11467 1 Couchbase 1 Couchbase Server 2019-09-11 7.8
An issue was discovered in Couchbase Server 4.6.3 and 5.5.0. A JSON document to be stored with more than 3000 '\t' characters can crash the indexing system.
CVE-2019-11464 1 Couchbase 2 Server, Couchbase Server 2019-09-11 4.3
An issue was discovered in Couchbase Server 5.1.2 and 5.5.0. The http server on port 8092 lacks an X-XSS protection header.
CVE-2018-15728 1 Couchbase 2 Server, Couchbase Server 2019-09-11 9.0
An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system...