CVE-2019-11465
- EPSS 0.36%
- Published 10.09.2019 17:15:11
- Last modified 21.11.2024 04:21:08
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for ...
CVE-2019-11464
- EPSS 0.24%
- Published 10.09.2019 17:15:11
- Last modified 21.11.2024 04:21:07
Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look...
- EPSS 1.42%
- Published 24.08.2018 19:29:02
- Last modified 21.11.2024 03:51:21
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the co...