Lucene search
K

167 matches found

CNVD
CNVD
added 2022/04/28 12:0 a.m.21 views

Apache CouchDB Access Control Error Vulnerability

Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang.An access control error vulnerability exists in versions prior to Apache CouchDB 3.2.2, which stems from a network system or product that does not properly restrict access to resources from...

10CVSS4AI score0.92335EPSS
Exploits9References1
NVD
NVD
added 2022/04/26 10:15 a.m.24 views

CVE-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

10CVSS0.92335EPSS
Exploits9References11
UbuntuCve
UbuntuCve
added 2022/04/26 10:15 a.m.84 views

CVE-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

10CVSS7AI score0.92335EPSS
Exploits9References6
Vulnrichment
Vulnrichment
added 2022/04/26 12:0 a.m.6 views

CVE-2022-24706 Remote Code Execution Vulnerability in Packaging

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

9.5AI score0.92335EPSS
Exploits9References10
OSV
OSV
added 2022/04/26 12:0 a.m.40 views

CVE-2022-24706 Remote Code Execution Vulnerability in Packaging

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

9.8CVSS7.3AI score0.92335EPSS
Exploits9References13
ATTACKERKB
ATTACKERKB
added 2022/04/26 12:0 a.m.39 views

CVE-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

10CVSS3.9AI score0.92335EPSS
In wildExploits9References12
Cvelist
Cvelist
added 2022/04/26 12:0 a.m.30 views

CVE-2022-24706 Remote Code Execution Vulnerability in Packaging

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

9.7AI score0.92335EPSS
Exploits9References10
CVE
CVE
added 2022/04/26 12:0 a.m.921 views

CVE-2022-24706

CVE-2022-24706 affects Apache CouchDB before 3.2.2, where an attacker can access an improperly secured default installation without authentication and gain admin privileges due to an access-control flaw. Affected versions include 3.2.1 and earlier; remediation is to upgrade to CouchDB 3.2.2 (or a...

10CVSS9.5AI score0.92335EPSS
In wildExploits9References11Affected Software1
RedhatCVE
RedhatCVE
added 2021/11/29 6:26 a.m.21 views

CVE-2021-38295

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.3CVSS1.2AI score0.02474EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2021/10/18 12:0 a.m.18 views

Apache CouchDB <= 3.1.1 Privilege Escalation Vulnerability - Linux

Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...

7.3CVSS7.4AI score0.02474EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2021/10/18 12:0 a.m.19 views

Apache CouchDB <= 3.1.1 Privilege Escalation Vulnerability - Windows

Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...

7.3CVSS7.4AI score0.02474EPSS
Exploits1References1
OSV
OSV
added 2021/10/14 8:15 p.m.21 views

CVE-2021-38295

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.3CVSS6.8AI score0.02474EPSS
Exploits1References1
NVD
NVD
added 2021/10/14 8:15 p.m.29 views

CVE-2021-38295

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.3CVSS0.02474EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/10/14 8:15 p.m.21 views

CVE-2021-38295

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.3CVSS6.4AI score0.02474EPSS
Exploits1References1
OSV
OSV
added 2021/10/14 8:15 p.m.3 views

UBUNTU-CVE-2021-38295

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.3CVSS5.8AI score0.02474EPSS
Exploits1References2
CVE
CVE
added 2021/10/14 7:55 p.m.90 views

CVE-2021-38295

CVE-2021-38295 affects Apache CouchDB before 3.1.2. A malicious user who can create documents can attach an HTML file; when an admin opens the attachment in a browser (e.g., Fauxton) the embedded JavaScript runs in the admin’s security context, enabling privilege escalation. Affected routes inclu...

7.3CVSS7.1AI score0.02474EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/10/14 7:55 p.m.32 views

CVE-2021-38295 Privilege escalation vulnerability when using HTML attachments

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.5AI score0.02474EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2020/05/25 12:0 a.m.32 views

Apache CouchDB 3.0.0 Remote Privilege Escalation Vulnerability - Linux

CouchDB is prone to a remote privilege escalation vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

9.8CVSS9.7AI score0.01846EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/03/17 12:0 a.m.29 views

Fedora: Security Advisory for couchdb (FEDORA-2020-73bd8167a0)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.2AI score
Exploits0References2
Fedora
Fedora
added 2020/03/16 8:49 p.m.48 views

[SECURITY] Fedora 32 Update: couchdb-3.0.0-1.fc32

Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a...

9CVSS2.7AI score0.11681EPSS
Exploits3
Rows per page
Query Builder