33 results (0.021 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. Couchbase Server 7.1.4 anterior a 7.1.5 y 7.2.0 anterior a 7.2.1 permite el cruce de directorios. • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://www.couchbase.com/alerts • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 13%CPEs: 11EXPL: 2

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://github.com/mistymntncop/CVE-2023-3079 http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.html http://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox-Escape.html https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html https://crbug.com/1450481 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject. • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 5

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://github.com/mistymntncop/CVE-2023-2033 https://github.com/sandumjacob/CVE-2023-2033-Analysis https://github.com/insoxin/CVE-2023-2033 https://github.com/tianstcht/CVE-2023-2033 https://github.com/gretchenfrage/CVE-2023-2033-analysis https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html https://crbug.com/1432210 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG https://lists.fedoraproject.o • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://forums.couchbase.com/tags/security https://www.couchbase.com/alerts https://www.couchbase.com/downloads • CWE-306: Missing Authentication for Critical Function •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service. • https://docs.couchbase.com/server/current/release-notes/relnotes.html https://forums.couchbase.com/tags/security https://www.couchbase.com/alerts •