Vulnerabilities > Couchbase > Couchbase Server > 5.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-29 | CVE-2021-35945 | Classic Buffer Overflow vulnerability in Couchbase Server Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. | 5.0 |
| 2021-05-26 | CVE-2021-25643 | Cleartext Transmission of Sensitive Information vulnerability in Couchbase Server An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. | 4.0 |
| 2021-05-19 | CVE-2021-25644 | Cleartext Storage of Sensitive Information vulnerability in Couchbase Server An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. | 5.0 |
| 2021-05-10 | CVE-2021-25645 | Cleartext Storage of Sensitive Information vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. | 2.1 |
| 2020-02-22 | CVE-2020-9039 | Incorrect Default Permissions vulnerability in Couchbase Server Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. | 7.5 |
| 2019-09-10 | CVE-2019-11497 | Improper Certificate Validation vulnerability in Couchbase Server 5.0.0 In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. | 5.0 |
| 2019-09-10 | CVE-2019-11496 | Missing Authentication for Critical Function vulnerability in Couchbase Server 4.0.0/4.6.3/5.0.0 In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. | 6.4 |