FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VuXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC.

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description

9b19b6df-a4be-11e8-9366-0028f8d09152 | couchdb -- administrator privilege escalation

Apache CouchDB PMC reports:

Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases.


Discovery 2018-06-05
Entry 2018-08-08
couchdb < 2.2.0,2

http://docs.couchdb.org/en/stable/cve/2018-11769.html
CVE-2018-11769

1e54d140-8493-11e8-a795-0028f8d09152 | couchdb -- multiple vulnerabilities

Apache CouchDB PMC reports:

Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases.


Discovery 2017-11-14
Entry 2018-07-10
couchdb < 1.7.2,2

https://blog.couchdb.org/2018/07/10/cve-2018-8007/
CVE-2018-8007
https://blog.couchdb.org/2017/11/14/apache-couchdb-cve-2017-12635-and-cve-2017-12636/
CVE-2017-12636
CVE-2017-12635
https://lists.apache.org/thread.html/6fa798e96686b7b0013ec2088140d00aeb7d34487d3f5ad032af6934@%3Cdev.couchdb.apache.org%3E

4fb45a1c-c5d0-11e2-8400-001b216147b0 | couchdb -- DOM based Cross-Site Scripting via Futon UI

Jan Lehnardt reports:

Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user.


Discovery 2012-01-14
Entry 2013-05-26
couchdb < 1.2.1,1

CVE-2012-5650
http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F@apache.org%3E

1999a215-fc6b-11e8-8a95-ac1f6b67e138 | couchdb -- administrator privilege escalation

Apache CouchDB PMC reports:

Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases.


Discovery 2018-12-01
Entry 2018-12-13
couchdb < 2.3.0,2
couchdb2 < 2.3.0

http://docs.couchdb.org/en/stable/cve/2018-17188.html
CVE-2018-17188

a7dd4c2d-77e4-46de-81a2-c453c317f9de | couchdb -- user privilege escalation

Cory Sabol reports:

A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality.


Discovery 2021-08-09
Entry 2021-10-12
couchdb < 3.1.2,2

CVE-2021-39205
https://docs.couchdb.org/en/stable/cve/2021-38295.html