Vulnerabilities > Couchbase > Couchbase Server > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-14 | CVE-2022-32559 | Allocation of Resources Without Limits or Throttling vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 7.0.4. | 9.1 |
| 2021-09-29 | CVE-2021-35943 | Improper Authentication vulnerability in Couchbase Server Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. | 9.8 |
| 2020-11-12 | CVE-2020-24719 | OS Command Injection vulnerability in Couchbase Server 6.5.1/6.5.2 Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. | 9.8 |
| 2020-02-22 | CVE-2020-9039 | Incorrect Default Permissions vulnerability in Couchbase Server Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. | 9.8 |
| 2019-09-10 | CVE-2019-11495 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Couchbase Server 5.1.1 In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. | 9.8 |
| 2019-09-10 | CVE-2019-11496 | Missing Authentication for Critical Function vulnerability in Couchbase Server In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. | 9.1 |