CVE-2017-12635 — CVSS 9.8 (critical): Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x…
CVE-2020-1955 — CVSS 9.8 (critical): CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called…
CVE-2018-14889 — CVSS 7.8 (high): CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
CVE-2016-8742 — CVSS 7.8 (high): The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit…
CVE-2021-38295 — CVSS 7.3 (high): In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If…
CVE-2018-11769 — CVSS 7.2 (high): CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of…
CVE-2018-8007 — CVSS 7.2 (high): Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied…
CVE-2018-17188 — CVSS 7.2 (high): Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to…
CVE-2017-12636 — CVSS 7.2 (high): CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating…
CVE-2010-2953 — CVSS 6.9 (medium): Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain…
CVE-2010-2234 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication…
CVE-2012-5649 — CVSS 6.8 (medium): Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP…
CVE-2023-45725 — CVSS 5.7 (medium): Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who…
CVE-2014-2668 — CVSS 5.0 (medium): Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter…
CVE-2012-5641 — CVSS 5.0 (medium): Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB…
CVE-2023-26268 — CVSS 4.4 (medium): Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using…
CVE-2012-5650 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows…
CVE-2010-3854 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1…
CVE-2010-0009 — CVSS 4.3 (medium): Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations…