VYPR

Server

by Couchbase

CVEs (15)

  • CVE-2022-42951 · High · Feb 6, 2023
    risk 0.53 · cvss 8.1 · epss 0.01

    An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can…

  • CVE-2024-23302 · High · Feb 29, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.

  • CVE-2023-45875 · High · Nov 8, 2023
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster.

  • CVE-2021-42763 · High · Nov 2, 2021
    risk 0.49 · cvss 7.5 · epss 0.01

    Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards an HTTP request from the pluggable UI (query workbench, etc.) to the specific service. In the backtrace, the Basic Auth Header included…

  • CVE-2021-35945 · High · Sep 29, 2021
    risk 0.49 · cvss 7.5 · epss 0.01

    Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.

  • CVE-2021-35944 · High · Sep 29, 2021
    risk 0.49 · cvss 7.5 · epss 0.01

    Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.

  • CVE-2019-11467 · High · Sep 10, 2019
    risk 0.49 · cvss 7.5 · epss 0.01

    In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contained certain characters such as \t, <, or >, this caused a buffer overrun because the encoded string was much larger than accounted for, causing indexer service…

  • CVE-2024-25673 · Medium · Sep 19, 2024
    risk 0.40 · cvss 6.1 · epss 0.00

    Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.

  • CVE-2024-37034 · Medium · Jul 26, 2024
    risk 0.38 · cvss 5.9 · epss 0.00

    An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure.

  • CVE-2023-28470 · Medium · Mar 23, 2023
    risk 0.35 · cvss 5.3 · epss 0.01

    In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication.

  • CVE-2019-11466 · Medium · Sep 10, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes a system diagnostic profile via an HTTP endpoint that does not require credentials, on a port earmarked for internal traffic only. This has been remedied in version 6.0.1, which now requires valid credentials for access.

  • CVE-2023-50436 · Medium · Feb 29, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5.

  • CVE-2021-25643 · Medium · May 26, 2021
    risk 0.32 · cvss 4.9 · epss 0.01

    An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens,…

  • CVE-2021-27925 · Medium · May 19, 2021
    risk 0.29 · cvss 4.4 · epss 0.01

    An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked…

  • CVE-2021-25645 · Medium · May 10, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and…