Vulnerabilities > Couchbase > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2021-25643 | Cleartext Transmission of Sensitive Information vulnerability in Couchbase Server An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. | 4.9 |
| 2021-05-19 | CVE-2021-27924 | Cleartext Transmission of Sensitive Information vulnerability in Couchbase Server An issue was discovered in Couchbase Server 6.x through 6.6.1. | 5.9 |
| 2021-05-19 | CVE-2021-27925 | Race Condition vulnerability in Couchbase Server An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. | 4.4 |
| 2021-05-19 | CVE-2021-31158 | Incorrect Authorization vulnerability in Couchbase Server In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access. | 6.5 |
| 2021-05-10 | CVE-2021-25645 | Cleartext Storage of Sensitive Information vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. | 4.4 |
| 2019-09-10 | CVE-2019-11466 | Missing Authentication for Critical Function vulnerability in Couchbase Server 5.5.0/6.0.0 In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. | 5.3 |
| 2019-09-10 | CVE-2019-11465 | Information Exposure Through Log Files vulnerability in Couchbase Server An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. | 5.3 |
| 2019-09-10 | CVE-2019-11464 | Cross-site Scripting vulnerability in Couchbase Server 5.1.2/5.5.0 Some enterprises require that REST API endpoints include security-related headers in REST responses. | 6.1 |