Vulnerabilities > Apache > Couchdb
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-14 | CVE-2017-12636 | OS Command Injection vulnerability in Apache Couchdb CouchDB administrative users can configure the database server via HTTP(S). | 7.2 |
2017-11-14 | CVE-2017-12635 | Improper Privilege Management vulnerability in Apache Couchdb Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. | 9.8 |
2014-05-23 | CVE-2012-5649 | Code Injection vulnerability in Apache Couchdb Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. | 6.8 |
2014-03-28 | CVE-2014-2668 | Improper Input Validation vulnerability in Apache Couchdb Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. | 5.0 |
2014-03-18 | CVE-2012-5641 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. | 5.0 |
2010-09-14 | CVE-2010-2953 | Remote Code Execution vulnerability in Apache Couchdb 0.8.0 Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory. local apache | 6.9 |
2010-08-19 | CVE-2010-2234 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Couchdb Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL. | 6.8 |
2010-04-05 | CVE-2010-0009 | Information Exposure vulnerability in Apache Couchdb Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords. | 4.3 |