454 matches found
SUSE-SU-2018:2765-1 Security update for couchdb
This update for couchdb fixes the following security issues: - CVE-2018-8007: Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it was possible for a CouchDB...
SUSE-SU-2018:2578-1 Security update for couchdb
This update for couchdb to 1.7.2 fixes the following security issues: - CVE-2018-8007: Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it was possible for a CouchDB...
Apache CouchDB < 2.2.0 Privilege Escalation Vulnerability - Windows
Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...
Apache CouchDB 1.x < 1.7.2, 2.x < 2.1.2 Privilege Escalation Vulnerability - Linux
Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...
CVE-2018-11769
CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's...
Input validation
CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's...
CVE-2018-11769
CVE-2018-11769 affects CouchDB admin users prior to 2.2.0, allowing an administrator to bypass HTTP API configuration restrictions and escalate to the operating system user running CouchDB, effectively enabling arbitrary remote code execution. The issue arises from insufficient validation of admi...
Apache CouchDB 1.x < 1.7.2, 2.x < 2.1.2 Privilege Escalation Vulnerability - Windows
Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...
CVE-2018-8007
Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...
Design/Logic Flaw
The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter...
CVE-2018-13791
The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter...
Cross site request forgery (csrf)
Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login...
CVE-2018-13793
Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login...
CVE-2018-13793
CVE-2018-13793 concerns ABBYY FlexiCapture’s HTTP API with multiple CSRF vulnerabilities affecting Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login prior to 12 Release 1 Update 7. The affected surface is the HTTP API in the mentioned modules; exploitation deta...