Known Vulnerabilities for Couchdb by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Couchdb" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24706 | In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating an... | 9.8 - CRITICAL | 2022-04-26 | 2023-11-07 |
| CVE-2021-38295 | In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to ... | 7.3 - HIGH | 2021-10-14 | 2023-08-08 |
| CVE-2020-1955 | CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server call... | 9.8 - CRITICAL | 2020-05-20 | 2021-07-21 |
| CVE-2018-17188 | Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, t... | 7.2 - HIGH | 2019-01-02 | 2023-11-07 |
| CVE-2018-14889 | CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability. | 7.8 - HIGH | 2018-09-21 | 2018-11-08 |
| CVE-2018-11769 | CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of ad... | 7.2 - HIGH | 2018-08-08 | 2023-11-07 |
| CVE-2018-8007 | Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administ... | 7.2 - HIGH | 2018-07-11 | 2023-11-07 |
| CVE-2017-12636 | CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths f... | 7.2 - HIGH | 2017-11-14 | 2023-11-07 |
| CVE-2017-12635 | Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before ... | 9.8 - CRITICAL | 2017-11-14 | 2023-11-07 |
| CVE-2016-8742 | The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the in... | 7.8 - HIGH | 2018-02-12 | 2018-03-14 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Couchdb | 3.0.0 | All | All | All |
| Application | Apache | Couchdb | 2.3.1 | rc3 | All | All |
| Application | Apache | Couchdb | 2.3.1 | rc2 | All | All |
| Application | Apache | Couchdb | 2.3.0 | rc1 | All | All |
| Application | Apache | Couchdb | 2.3.0 | - | All | All |
| Application | Apache | Couchdb | 2.3.0 | All | All | All |
| Application | Apache | Couchdb | 2.2.0 | rc3 | All | All |
| Application | Apache | Couchdb | 2.2.0 | rc2 | All | All |
| Application | Apache | Couchdb | 2.2.0 | rc1 | All | All |
| Application | Apache | Couchdb | 2.2.0 | - | All | All |
| Application | Apache | Couchdb | 2.2.0 | All | All | All |
| Application | Apache | Couchdb | 2.1.2. | All | All | All |
| Application | Apache | Couchdb | 2.1.2 | All | All | All |
| Application | Apache | Couchdb | 2.1.2 | - | All | All |
| Application | Apache | Couchdb | 2.1.2 | rc8 | All | All |
| Application | Apache | Couchdb | 2.1.2 | rc5 | All | All |
| Application | Apache | Couchdb | 2.1.1 | rc2 | All | All |
| Application | Apache | Couchdb | 2.1.1 | rc1 | All | All |
| Application | Apache | Couchdb | 2.1.1 | - | All | All |
| Application | Apache | Couchdb | 2.1.1 | All | All | All |