Couchbase

All CVEs

64 total · sorted by risk
  • CVE-2023-49932 · Med · Feb 29, 2024
    risk 0.35 · cvss 5.4 · epss 0.01

    An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions.

  • CVE-2023-28470 · Med · Mar 23, 2023
    risk 0.35 · cvss 5.3 · epss 0.01

    In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication.

  • CVE-2022-33911 · Med · Jul 12, 2022
    risk 0.35 · cvss 5.3 · epss 0.01

    An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information.

  • CVE-2019-11466 · Med · Sep 10, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access.

  • CVE-2019-11465 · Med · Sep 10, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged…

  • CVE-2023-50436 · Med · Feb 29, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5.

  • CVE-2022-42950 · Med · Feb 6, 2023
    risk 0.32 · cvss 4.9 · epss 0.01

    An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of…

  • CVE-2022-32561 · Med · Jun 14, 2022
    risk 0.32 · cvss 4.9 · epss 0.01

    An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network.

  • CVE-2021-33504 · Med · Jun 2, 2022
    risk 0.32 · cvss 4.9 · epss 0.01

    Couchbase Server before 7.1.0 has Incorrect Access Control.

  • CVE-2021-25643 · Med · May 26, 2021
    risk 0.32 · cvss 4.9 · epss 0.01

    An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens,…

  • CVE-2021-27925 · Med · May 19, 2021
    risk 0.29 · cvss 4.4 · epss 0.01

    An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked…

  • CVE-2021-25645 · Med · May 10, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and…

  • CVE-2023-45874 · Med · Feb 29, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (outage of reader threads).

  • CVE-2025-49015 · Med · Jun 18, 2025
    risk 0.25 · cvss 4.9 · epss 0.00

    The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.
