FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a7dd4c2d-77e4-46de-81a2-c453c317f9decouchdb -- user privilege escalation

Cory Sabol reports:

A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality.


Discovery 2021-08-09
Entry 2021-10-12
couchdb
< 3.1.2,2

CVE-2021-39205
https://docs.couchdb.org/en/stable/cve/2021-38295.html
1e54d140-8493-11e8-a795-0028f8d09152couchdb -- multiple vulnerabilities

Apache CouchDB PMC reports:

Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases.


Discovery 2017-11-14
Entry 2018-07-10
couchdb
< 1.7.2,2

https://blog.couchdb.org/2018/07/10/cve-2018-8007/
CVE-2018-8007
https://blog.couchdb.org/2017/11/14/apache-couchdb-cve-2017-12635-and-cve-2017-12636/
CVE-2017-12636
CVE-2017-12635
https://lists.apache.org/thread.html/6fa798e96686b7b0013ec2088140d00aeb7d34487d3f5ad032af6934@%3Cdev.couchdb.apache.org%3E
1999a215-fc6b-11e8-8a95-ac1f6b67e138couchdb -- administrator privilege escalation

Apache CouchDB PMC reports:

Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases.


Discovery 2018-12-01
Entry 2018-12-13
couchdb
< 2.3.0,2

couchdb2
< 2.3.0

http://docs.couchdb.org/en/stable/cve/2018-17188.html
CVE-2018-17188
9b19b6df-a4be-11e8-9366-0028f8d09152couchdb -- administrator privilege escalation

Apache CouchDB PMC reports:

Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases.


Discovery 2018-06-05
Entry 2018-08-08
couchdb
< 2.2.0,2

http://docs.couchdb.org/en/stable/cve/2018-11769.html
CVE-2018-11769