Lucene search: ApacheCouchdb

20 matches found

CVE-2022-24706 (added 2022/04/26 12:00 a.m.)

CVE-2022-24706 affects Apache CouchDB before 3.2.2, where an attacker can access an improperly secured default installation without authentication and gain admin privileges due to an access-control flaw. Affected versions include 3.2.1 and earlier; remediation is to upgrade to CouchDB 3.2.2 (or a...

CVSS 10 | AI score 9.5 | EPSS 0.94383 | In wild

CVE-2017-12635 (added 2017/11/14 8:00 p.m.)

CVE-2017-12635 affects Apache CouchDB versions before 1.7.0 and 2.x before 2.1.1, where differences between the Erlang JSON parser and the JavaScript JSON parser allow a user document to contain duplicate roles keys. The second roles key governs authorization for writing the user, while the first...

CVSS 10 | AI score 8.2 | EPSS 0.94098 | In wild, Web
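The duplicate-key differential above is easy to reproduce without CouchDB. The following is an added example, not code from CouchDB or from this listing: it models two JSON parsers with opposite duplicate-key policies (Python's json module is last-wins by default; the first-wins variant is built with object_pairs_hook), feeds both a constructed _users document carrying two "roles" keys, and shows the write-time check passing while a later authorization step reads _admin. The document, the user name and the check functions are illustrative assumptions, not CouchDB's actual validation code.

```python
import json

# Constructed _users document with a duplicate "roles" key (example data, not taken from the page).
# The first "roles" grants _admin; the second, harmless-looking one is what a last-wins parser sees.
DUPLICATE_ROLES_DOC = (
    '{"_id": "org.couchdb.user:eve", "name": "eve", "type": "user", '
    '"roles": ["_admin"], "roles": [], "password": "hunter2"}'
)


def parse_last_wins(raw: str) -> dict:
    """Model of a parser that keeps the LAST duplicate key (Python's json does this by default)."""
    return json.loads(raw)


def parse_first_wins(raw: str) -> dict:
    """Model of a parser that keeps the FIRST duplicate key."""
    def first_wins(pairs):
        out = {}
        for key, value in pairs:
            out.setdefault(key, value)   # later duplicates are ignored
        return out
    return json.loads(raw, object_pairs_hook=first_wins)


def write_check_passes(doc: dict) -> bool:
    """Assumed write-time rule for non-admins: a new user may be created only with an empty roles list."""
    return doc.get("roles") == []


def granted_roles(doc: dict) -> list:
    """Roles a later authorization step reads from the stored user document."""
    return list(doc.get("roles", []))


def parse_strict(raw: str) -> dict:
    """Hardened parser: refuse any object containing a duplicate key rather than picking one copy."""
    def reject_duplicates(pairs):
        out = {}
        for key, value in pairs:
            if key in out:
                raise ValueError(f"duplicate key {key!r}")
            out[key] = value
        return out
    return json.loads(raw, object_pairs_hook=reject_duplicates)


def is_strictly_parseable(raw: str) -> bool:
    """True when the document contains no duplicate keys at any nesting level."""
    try:
        parse_strict(raw)
        return True
    except ValueError:
        return False


def parser_differential(raw: str):
    """Return (write check result, roles later granted) when the two stages use different parsers."""
    write_view = parse_last_wins(raw)    # the stage validating the write sees roles == []
    auth_view = parse_first_wins(raw)    # the stage authorizing later requests sees ["_admin"]
    return write_check_passes(write_view), granted_roles(auth_view)


if __name__ == "__main__":
    print(parser_differential(DUPLICATE_ROLES_DOC))    # (True, ['_admin'])
    print(is_strictly_parseable(DUPLICATE_ROLES_DOC))  # False
```

The practical check is the strict parser: any component that validates a document and any component that later acts on it must either share one parser or reject duplicate keys outright, because "which copy wins" is exactly the property the two stages disagreed on.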

CVE-2017-12636 (added 2017/11/14 8:00 p.m.)

CVE-2017-12636 affects Apache CouchDB prior to 1.7.0 and 2.x prior to 2.1.1, where administrators can set configuration options over the HTTP(S) API, and some of those options are paths to operating-system binaries that CouchDB subsequently launches, enabling arbitrary shell commands to be executed as the CouchDB user. Multiple connected documents corroborate this RCE via configuration, with exploi...

CVSS 9 | AI score 8.5 | EPSS 0.93752

CVE-2014-2668 (added 2014/03/28 4:00 p.m.)

CVE-2014-2668 affects Apache CouchDB 1.5.0 and earlier. A remote attacker could trigger a Denial of Service by abusing the count parameter to /_uuids, consuming CPU and memory. Public advisories and OpenVAS/Gentoo entries consistently describe the issue and recommend upgrading to a newer CouchDB ...

CVSS 5 | AI score 6.4 | EPSS 0.48831

CVE-2021-38295 (added 2021/10/14 7:55 p.m.)

CVE-2021-38295 affects Apache CouchDB before 3.1.2. A malicious user who can create documents can attach an HTML file; when an admin opens the attachment in a browser (e.g., Fauxton) the embedded JavaScript runs in the admin’s security context, enabling privilege escalation. Affected routes inclu...

CVSS 7.3 | AI score 7.1 | EPSS 0.08996

CVE-2018-11769 (added 2018/08/08 3:00 p.m.)

CVE-2018-11769 affects Apache CouchDB prior to 2.2.0, allowing an administrator to bypass HTTP API configuration restrictions and escalate to the operating-system user running CouchDB, effectively enabling arbitrary remote code execution. The issue arises from insufficient validation of admi...

CVSS 9 | AI score 7.6 | EPSS 0.93752

CVE-2018-8007 (added 2018/07/11 1:00 p.m.)

Apache CouchDB contains a privilege-escalation path where an administrator can modify HTTP-configured settings despite a blacklist, potentially elevating to the OS user that CouchDB runs under and leading to arbitrary remote code execution. The issue stems from insufficient validation of administ...

CVSS 9 | AI score 7.6 | EPSS 0.93752 | Web

CVE-2012-5650 (added 2014/03/18 2:00 p.m.)

The CVE-2012-5650 entry describes a Cross-Site Scripting (XSS) vulnerability in the Futon UI of Apache CouchDB. AFFECTED VERSIONS include CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified para...

CVSS 4.3 | AI score 5.6 | EPSS 0.00895

CVE-2023-26268 (added 2023/05/02 8:06 p.m.)

CVE-2023-26268 affects Apache CouchDB. Connected sources confirm that design documents with matching IDs in different databases on the same cluster may share a mutable JavaScript environment when using design-document functions (validate_doc_update, list, filter, filter views, rewrite, update). The vulnerabilit...

CVSS 5.3 | AI score 4.7 | EPSS 0.00055
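To make the shared-environment failure mode concrete, here is an added example that is not CouchDB's code: Python stands in for the JavaScript query server, a design-document filter is compiled into an environment dict, and two server models differ only in how they key the cached environment. SharedByIdQueryServer (one environment per design-doc id, the flawed shape) lets a filter in one database observe document IDs that a same-named design document processed in another database; IsolatedQueryServer keys by (database, design-doc id) so nothing crosses. The database names, documents and filter source are constructed for illustration.

```python
from typing import Dict, Tuple

# Constructed design-document "filter" source. CouchDB's functions are JavaScript; Python stands
# in here so the example runs stand-alone. The filter keeps mutable state in its environment.
FILTER_SRC = """
def filter_fn(doc):
    SEEN.append(doc["_id"])          # state that lives in the (possibly shared) environment
    return doc.get("public", False)
"""


def _fresh_env() -> dict:
    """Compile the filter into a brand-new environment with its own SEEN list."""
    env = {"SEEN": []}
    exec(FILTER_SRC, env)
    return env


class SharedByIdQueryServer:
    """Models the flaw: one environment per design-doc id, reused by every database on the node."""

    def __init__(self) -> None:
        self._envs: Dict[str, dict] = {}

    def run_filter(self, db: str, ddoc_id: str, doc: dict) -> bool:
        env = self._envs.get(ddoc_id)          # db is ignored when choosing the environment
        if env is None:
            env = self._envs[ddoc_id] = _fresh_env()
        return env["filter_fn"](doc)

    def state_visible_from(self, db: str, ddoc_id: str) -> list:
        return list(self._envs[ddoc_id]["SEEN"])


class IsolatedQueryServer:
    """Hardened shape: environments are partitioned by (database, design-doc id)."""

    def __init__(self) -> None:
        self._envs: Dict[Tuple[str, str], dict] = {}

    def run_filter(self, db: str, ddoc_id: str, doc: dict) -> bool:
        key = (db, ddoc_id)
        env = self._envs.get(key)
        if env is None:
            env = self._envs[key] = _fresh_env()
        return env["filter_fn"](doc)

    def state_visible_from(self, db: str, ddoc_id: str) -> list:
        return list(self._envs[(db, ddoc_id)]["SEEN"])


def leak_demo(server) -> list:
    """Run a same-named design doc from two databases; return what the second database's filter sees."""
    # Constructed documents: "hr" holds private records, "public-site" is a separate, less trusted database.
    server.run_filter("hr", "_design/app", {"_id": "salary-2024", "public": False})
    server.run_filter("hr", "_design/app", {"_id": "review-alice", "public": False})
    server.run_filter("public-site", "_design/app", {"_id": "homepage", "public": True})
    return server.state_visible_from("public-site", "_design/app")


if __name__ == "__main__":
    print(leak_demo(SharedByIdQueryServer()))   # ['salary-2024', 'review-alice', 'homepage']
    print(leak_demo(IsolatedQueryServer()))     # ['homepage']
```

The check a practitioner wants is the second call: after a design document from another database has run, the state visible from a different database must contain only that database's own data. Any cache keyed on design-document id alone, whatever the runtime, fails it.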

CVE-2020-1955 (added 2020/05/20 1:53 p.m.)

CVE-2020-1955 affects CouchDB 3.0.0 where the new require_valid_user_except_for_up setting was intended to require credentials for all endpoints except /_up, but a defect caused credentials not to be enforced at any endpoint when enabled. Multiple sources (NVD/NIST entry, OSV, SUSE and Nessus/Ope...

CVSS 9.8 | AI score 9.3 | EPSS 0.01868

CVE-2012-5641 (added 2014/03/18 2:00 p.m.)

CVE-2012-5641 describes a directory traversal in MochiWeb (partition2 in mochiweb_util.erl) that could let remote attackers read arbitrary files via ..\ in the default URI. Affected: MochiWeb prior to 2.4.0 used in Apache CouchDB prior to 1.0.4, 1.1.x prior to 1.1.2, and 1.2.x prior to 1.2.1. Imp...

CVSS 5 | AI score 6.6 | EPSS 0.0373

CVE-2018-17188 (added 2019/01/02 2:00 p.m.)

CVE-2018-17188 affects Apache CouchDB prior to 2.3.0, where runtime configuration of key database components could let CouchDB admin users access the underlying OS as the CouchDB user. Together with other vulnerabilities, this could enable full system entry for unauthenticated users. Evidence in connecte...

CVSS 7.2 | AI score 7.1 | EPSS 0.01384

CVE-2010-2234 (added 2010/08/19 8:00 p.m.)

CVE-2010-2234 affects Apache CouchDB 0.8.0–0.11.0 and describes a cross-site request forgery (CSRF) that can hijack the administrator’s authentication for direct requests to an installation URL. The OpenVAS and Fedora advisory entries in the connected documents confirm CouchDB updates released to...

CVSS 6.8 | AI score 6.9 | EPSS 0.00531

CVE-2010-2953 (added 2010/09/14 6:00 p.m.)

Technical details about CVE-2010-2953 (affected products, root cause, and fixes) are not publicly provided in the supplied documents; monitor for updates from vendors and security advisories.

CVSS 6.9 | AI score 6.2 | EPSS 0.00146

CVE-2010-0009 (added 2010/04/05 4:00 p.m.)

CVE-2010-0009 affects Apache CouchDB 0.8.0–0.10.1. The issue arises from a timing side-channel when verifying hashes or passwords, allowing remote attackers to infer sensitive information by measuring operation completion times. The provided connected documents confirm the vulnerability and affec...

CVSS 4.3 | AI score 6 | EPSS 0.01499

CVE-2023-45725 (added 2023/12/13 8:02 a.m.)

CVE-2023-45725 is an Apache CouchDB vulnerability; this entry records it against IBM Planning Analytics Local (IBM Planning Analytics Workspace) 2.1 and 2.0. It concerns design-document functions that receive the user's HTTP request object, which may expose authorization or session cookie headers. The attack, as described, requires the ...

CVSS 5.7 | AI score 5.3 | EPSS 0.00222

CVE-2010-3854 (added 2011/02/02 12:00 a.m.)

CVE-2010-3854 affects Apache CouchDB Futon (web admin) from versions 0.8.0 through 1.0.1, where multiple XSS vulnerabilities permit remote script/HTML injection via unspecified vectors. Core issue: improper input handling in Futon. Impact is remote script execution in the admin interface context....

CVSS 4.3 | AI score 5.6 | EPSS 0.02471

CVE-2012-5649 (added 2014/05/23 2:00 p.m.)

CVE-2012-5649 affects Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1. The issue allows remote attackers to execute arbitrary code via a JSONP callback related to Adobe Flash. Mitigation: upgrade to the fixed releases (1.0.4, 1.1.2 or 1.2.1, or later). Open detail con...

CVSS 6.8 | AI score 7.5 | EPSS 0.01836

CVE-2016-8742 (added 2018/02/12 5:00 p.m.)

CVE-2016-8742 affects CouchDB 2.0.0 on Windows where the Windows installer inherited the parent directory’s permissions, allowing a non-privileged user to substitute executables for nssm.exe or CouchDB launcher files. A restart then executes the tainted binary with administrator privileges, enabl...

CVSS 7.8 | AI score 7.4 | EPSS 0.00436

CVE-2018-14889 (added 2018/09/21 9:00 p.m.)

CVE-2018-14889 affects CouchDB in Vectra Networks Cognito Brain and Sensor prior to version 4.3, described as a local code execution vulnerability. The available data show a local attack with partial impact on confidentiality, integrity, and availability (CVSS2: 4.6 MEDIUM; CVSS3: 7.8 HIGH); exp...

CVSS 7.8 | AI score 7.6 | EPSS 0.00036