519 matches found
EUVD-2012-5533
Malware in sbrugna...
EUVD-2023-31612
Malicious code in bioql PyPI...
vulhub
This is a pre-built vulnerable environment based on Docker-Compose, provided by the Vulhub project. The repository contains a collection of vulnerable applications and services, along with their corresponding Dockerfiles and configuration files. The vulnerable environments are designed to help...
Linux Distros Unpatched Vulnerability : CVE-2021-38295
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin open...
Linux Distros Unpatched Vulnerability : CVE-2017-12636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries th...
Linux Distros Unpatched Vulnerability : CVE-2018-11769
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration...
Linux Distros Unpatched Vulnerability : CVE-2018-17188
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where...
Linux Distros Unpatched Vulnerability : CVE-2017-12635
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submi...
Linux Distros Unpatched Vulnerability : CVE-2018-8007
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings...
Malicious code in generator-accelerate-couchdb (npm)
The package generator-accelerate-couchdb was found to contain malicious code...
MAL-2025-21262 Malicious code in generator-accelerate-couchdb (npm)
The package generator-accelerate-couchdb was found to contain malicious code...
CVE-2023-26268
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...
CVE-2023-27877
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905...
CVE-2022-24706
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...
PT-2025-16956
Name of the Vulnerable Software and Affected Versions Erlang/OTP versions prior to OTP-27.3.3 Erlang/OTP versions prior to OTP-26.2.5.11 Erlang/OTP versions prior to OTP-25.3.2.20 Description The issue concerns Unauthenticated Remote Code Execution in Erlang/OTP. Almost 700K CouchDB instances,...
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...
CouchDB Enum Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CouchDB Enum Utility', 'Description' = %q This module enumerates databases on CouchDB using the REST API without authentication by default. ,...
CVE-2024-32861 Software House C•CURE - CouchDB executable protection
Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions...
CVE-2024-32861 Software House C•CURE - CouchDB executable protection
Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions...
CVE-2024-39918 Path Traveral in @jmondi/url-to-png
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the ImageId in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in ...