Vulnerabilities > Couchbase > Couchbase Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-29 | CVE-2021-35945 | Classic Buffer Overflow vulnerability in Couchbase Server Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. | 7.5 |
| 2021-05-19 | CVE-2021-25644 | Cleartext Storage of Sensitive Information vulnerability in Couchbase Server An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. | 7.5 |
| 2020-06-08 | CVE-2020-9042 | Cross-Site Request Forgery (CSRF) vulnerability in Couchbase Server 6.0.0 In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request. | 8.8 |
| 2020-06-08 | CVE-2020-9041 | Improper Resource Shutdown or Release vulnerability in Couchbase Server and Sync Gateway In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections. | 7.5 |
| 2019-09-10 | CVE-2019-11497 | Improper Certificate Validation vulnerability in Couchbase Server 5.0.0 In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. | 7.5 |
| 2019-09-10 | CVE-2019-11467 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Couchbase Server 4.6.3/5.5.0 In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. | 7.5 |
| 2018-08-24 | CVE-2018-15728 | Code Injection vulnerability in Couchbase Server Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. | 8.8 |