Vulnerabilities > Couchbase > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-14 | CVE-2022-32559 | Allocation of Resources Without Limits or Throttling vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 7.0.4. | 9.1 |
| 2022-06-10 | CVE-2022-32563 | Improper Certificate Validation vulnerability in Couchbase Sync Gateway 3.0.0/3.0.1 An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. | 9.8 |
| 2021-09-29 | CVE-2021-35943 | Improper Authentication vulnerability in Couchbase Server Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. | 9.8 |
| 2020-11-12 | CVE-2020-24719 | OS Command Injection vulnerability in Couchbase Server 6.5.1/6.5.2 Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. | 9.8 |
| 2020-02-22 | CVE-2020-9039 | Incorrect Default Permissions vulnerability in Couchbase Server Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. | 9.8 |
| 2019-09-10 | CVE-2019-11496 | Missing Authentication for Critical Function vulnerability in Couchbase Server In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. | 9.1 |
| 2019-09-10 | CVE-2019-11495 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Couchbase Server 5.1.1 In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. | 9.8 |
| 2019-06-26 | CVE-2019-9039 | SQL Injection vulnerability in Couchbase Sync Gateway 2.1.2 In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint. | 9.8 |