Vulnerabilities > Couchbase > Couchbase Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-19 | CVE-2024-25673 | Injection vulnerability in Couchbase Server Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. | 6.1 |
| 2024-07-26 | CVE-2024-37034 | Inadequate Encryption Strength vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. | 5.9 |
| 2023-03-23 | CVE-2023-28470 | Missing Authentication for Critical Function vulnerability in Couchbase Server In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. | 5.3 |
| 2023-02-06 | CVE-2022-42950 | Unspecified vulnerability in Couchbase Server An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. | 4.9 |
| 2022-07-15 | CVE-2022-34826 | Information Exposure Through Log Files vulnerability in Couchbase Server 7.1.0 In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs. | 5.9 |
| 2022-07-12 | CVE-2022-33911 | Information Exposure Through Log Files vulnerability in Couchbase Server An issue was discovered in Couchbase Server 7.x before 7.0.4. | 5.3 |
| 2022-06-14 | CVE-2022-32561 | Unspecified vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. | 4.9 |
| 2022-06-13 | CVE-2022-32193 | Information Exposure Through Log Files vulnerability in Couchbase Server Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | 6.5 |
| 2022-06-02 | CVE-2021-33504 | Unspecified vulnerability in Couchbase Server Couchbase Server before 7.1.0 has Incorrect Access Control. | 4.9 |
| 2021-05-26 | CVE-2021-25643 | Cleartext Transmission of Sensitive Information vulnerability in Couchbase Server An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. | 4.9 |