Lucene search

10 matches found

SUSE CVE
added 2023/02/15 3:38 a.m. | 3 views

SUSE CVE-2021-38295

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

CVSS 7.3 | AI score 5 | EPSS 0.02474
Exploits: 1 | References: 3
OpenVAS
added 2022/01/28 12:0 a.m. | 16 views

Mageia: Security Advisory (MGASA-2021-0520)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.3 | AI score 7.2 | EPSS 0.02474
Exploits: 1 | References: 4
RedhatCVE
added 2021/11/29 6:26 a.m. | 21 views

CVE-2021-38295

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

CVSS 7.3 | AI score 1.2 | EPSS 0.02474
Exploits: 1 | References: 3
Mageia
added 2021/11/25 1:6 p.m. | 45 views

Updated couchdb packages fix security vulnerability

Privilege escalation that allows an attacker to add or remove data in any database or make configuration changes. CVE-2021-38295...

CVSS 7.3 | AI score 4.4 | EPSS 0.02474
Exploits: 1 | References: 2
OpenVAS
added 2021/10/18 12:0 a.m. | 18 views

Apache CouchDB <= 3.1.1 Privilege Escalation Vulnerability - Windows

Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...

CVSS 7.3 | AI score 7.4 | EPSS 0.02474
Exploits: 1 | References: 1
OpenVAS
added 2021/10/18 12:0 a.m. | 18 views

Apache CouchDB <= 3.1.1 Privilege Escalation Vulnerability - Linux

Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...

CVSS 7.3 | AI score 7.4 | EPSS 0.02474
Exploits: 1 | References: 1
CVE
added 2021/10/14 7:55 p.m. | 88 views

CVE-2021-38295

CVE-2021-38295 affects Apache CouchDB before 3.1.2. A malicious user who can create documents can attach an HTML file; when an admin opens the attachment in a browser (e.g., Fauxton) the embedded JavaScript runs in the admin’s security context, enabling privilege escalation. Affected routes inclu...

CVSS 7.3 | AI score 7.1 | EPSS 0.02474
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2021/10/14 7:55 p.m. | 24 views

CVE-2021-38295 Privilege escalation vulnerability when using HTML attachments

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

AI score 7.5 | EPSS 0.02474
Exploits: 1 | References: 1
Circl
added 2021/10/14 3:47 p.m. | 6 views

CVE-2021-38295

creationtimestamp | type | source
---|---|---
2021-10-14 15:47:18+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/694
2021-10-14 18:57:00+00:00 | published-proof-of-concept | https://t.me/cKure/7612
2021-10-15 00:27:54+00:00 | seen | https://t.me/cibsecurity/30603
2021-10-15 11:07:01+00:0...

CVSS 7.3 | AI score 7.1 | EPSS 0.02474
Exploits: 1 | References: 5
GithubExploit
added 2021/10/14 3:45 p.m. | 326 views

Exploit for Cross-site Scripting in Apache Couchdb

CVE-2021-38295-PoC A simple Python proof of concept for CVE-20...

CVSS 7.3 | AI score 5.6 | EPSS 0.02474
Exploits: 1