Vulnerabilities > Couchbase
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-10 | CVE-2019-11467 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Couchbase Server 4.6.3/5.5.0 In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. | 7.5 |
| 2019-09-10 | CVE-2019-11466 | Missing Authentication for Critical Function vulnerability in Couchbase Server 5.5.0/6.0.0 In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. | 5.3 |
| 2019-09-10 | CVE-2019-11465 | Information Exposure Through Log Files vulnerability in Couchbase Server An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. | 5.3 |
| 2019-09-10 | CVE-2019-11464 | Cross-site Scripting vulnerability in Couchbase Server 5.1.2/5.5.0 Some enterprises require that REST API endpoints include security-related headers in REST responses. | 6.1 |
| 2019-06-26 | CVE-2019-9039 | SQL Injection vulnerability in Couchbase Sync Gateway 2.1.2 In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint. | 9.8 |
| 2018-08-24 | CVE-2018-15728 | Code Injection vulnerability in Couchbase Server Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. | 8.8 |