CVSS: 5.0EPSS: 5%CPEs: 1EXPL: 3CVE-2014-2668 – Apache CouchDB 1.5.0 - 'uuids' Denial of Service
https://notcve.org/view.php?id=CVE-2014-2668
Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. Apache CouchDB 1.5.0 y anteriores permite a atacantes remotos causar una denegación de servicio (consumo de CPU y memoria) a través del parámetro count hacia /_uuids. • https://www.exploit-db.com/exploits/32519 http://lists.opensuse.org/opensuse-updates/2014-04/msg00039.html http://packetstormsecurity.com/files/125889 http://secunia.com/advisories/57572 http://www.exploit-db.com/exploits/32519 http://www.securityfocus.com/bid/66474 http://www.securitytracker.com/id/1029967 https://exchange.xforce.ibmcloud.com/vulnerabilities/92161 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 8%CPEs: 7EXPL: 0CVE-2012-5649
https://notcve.org/view.php?id=CVE-2012-5649
Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. Apache CouchDB anterior a 1.0.4, 1.1.x anterior a 1.1.2 y 1.2.x anterior a 1.2.1 permite a atacantes remotos ejecutar código arbitrario a través de una devolución de llamada JSONP, relacionado con Adobe Flash. • http://archives.neohapsis.com/archives/bugtraq/2013-01/0057.html http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098089.html http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098092.html http://secunia.com/advisories/51765 http://www.mandriva.com/security/advisories?name=MDVSA-2013:067 http://www.securityfocus.com/bid/57314 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 2%CPEs: 7EXPL: 0CVE-2012-5650
https://notcve.org/view.php?id=CVE-2012-5650
Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite. Una vulnerabilidad de tipo cross-site scripting (XSS) en la UI de Futon en Apache CouchDB anteriores a versión 1.0.4, versiones 1.1.x anteriores a 1.1.2 y versiones 1.2.x anteriores a 1.2.1, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de parámetros no especificados para el conjunto de pruebas basadas en el navegador. • http://archives.neohapsis.com/archives/bugtraq/2013-01/0056.html http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F%40apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 1CVE-2012-5641
https://notcve.org/view.php?id=CVE-2012-5641
Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. Vulnerabilidad de salto de directorio en la función partition2 en mochiweb_util.erl en MochiWeb anterior a 2.4.0, utilizado en Apache CouchDB anterior a 1.0.4, 1.1.x anterior a 1.1.2 y 1.2.x anterior a 1.2.1, permite a atacantes remotos leer archivos arbitrarios a través de un ..\ (punto punto barra invertida) en la URI por defecto. • http://seclists.org/fulldisclosure/2013/Jan/81 http://secunia.com/advisories/51765 http://www.securityfocus.com/bid/57313 https://exchange.xforce.ibmcloud.com/vulnerabilities/81240 https://github.com/melkote/mochiweb/commit/ac2bf https://github.com/mochi/mochiweb/issues/92 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2010-3854
https://notcve.org/view.php?id=CVE-2010-3854
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la interfaz de administración web (también conocido como Futon) en Apache CouchDB v0.8.0 hasta v1.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://mail-archives.apache.org/mod_mbox/couchdb-dev/201101.mbox/%3CC840F655-C8C5-4EC6-8AA8-DD223E39C34A%40apache.org%3E http://osvdb.org/70734 http://secunia.com/advisories/43111 http://www.securityfocus.com/archive/1/516058/100/0/threaded http://www.securityfocus.com/bid/46066 http://www.securitytracker.com/id?1025013 http://www.vupen.com/english/advisories/2011/0263 https://exchange.xforce.ibmcloud.com/vulnerabilities/65050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •