CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2023-36667
https://notcve.org/view.php?id=CVE-2023-36667
08 Nov 2023 — Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. Couchbase Server 7.1.4 anterior a 7.1.5 y 7.2.0 anterior a 7.2.1 permite el cruce de directorios. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 4CVE-2023-3079 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2023-3079
05 Jun 2023 — Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corru... • https://packetstorm.news/files/id/176211 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 5%CPEs: 7EXPL: 5CVE-2023-2033 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2023-2033
14 Apr 2023 — Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corrup... • https://github.com/mistymntncop/CVE-2023-2033 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42951
https://notcve.org/view.php?id=CVE-2022-42951
06 Feb 2023 — An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-287: Improper Authentication CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25016
https://notcve.org/view.php?id=CVE-2023-25016
06 Feb 2023 — Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32556
https://notcve.org/view.php?id=CVE-2022-32556
21 Jul 2022 — An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. Una clave privada es filtrada a los archivos de registro con determinados bloqueos • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33911
https://notcve.org/view.php?id=CVE-2022-33911
11 Jul 2022 — An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information. Se ha detectado un problema en Couchbase Server versiones 7.x anteriores a 7.0.4. Los nombres de los campos no están redactados en los mensajes de comprobación registrados para el servicio de análisis. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32559
https://notcve.org/view.php?id=CVE-2022-32559
14 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. Las peticiones HTTP aleatorias conllevan a una filtración de métricas • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32557
https://notcve.org/view.php?id=CVE-2022-32557
14 Jun 2022 — An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers. Se ha detectado un problema en Couchbase Server versiones anteriores a 7.0.4. El servicio de índices no aplica la autenticación para los servidores TCP/TLS • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32561
https://notcve.org/view.php?id=CVE-2022-32561
14 Jun 2022 — An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network. Se ha detectado un problema en Couchbase Server versiones anteriores a 6.6.5 y versiones 7.x anteriores a 7.0.4. Las mitigaciones anteriores para CVE-2018-15728 resultaron insuficientes cuando ha sido detectado que se podía seguir accediendo a los endpoints de diagnóstico... • https://docs.couchbase.com/server/current/release-notes/relnotes.html •