
CVE-2024-25673
https://notcve.org/view.php?id=CVE-2024-25673
19 Sep 2024 — Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2024-37034
https://notcve.org/view.php?id=CVE-2024-37034
26 Jul 2024 — An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure. • https://www.couchbase.com/alerts • CWE-326: Inadequate Encryption Strength •

CVE-2023-43768
https://notcve.org/view.php?id=CVE-2023-43768
27 Mar 2024 — An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2023-49931
https://notcve.org/view.php?id=CVE-2023-49931
28 Feb 2024 — An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-284: Improper Access Control •

CVE-2023-50437
https://notcve.org/view.php?id=CVE-2023-50437
28 Feb 2024 — An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-266: Incorrect Privilege Assignment •

CVE-2024-23302
https://notcve.org/view.php?id=CVE-2024-23302
28 Feb 2024 — Couchbase Server before 7.2.4 has a private key leak in goxdcr.log. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-36667
https://notcve.org/view.php?id=CVE-2023-36667
08 Nov 2023 — Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-45875
https://notcve.org/view.php?id=CVE-2023-45875
08 Nov 2023 — An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster. • https://docs.couchbase.com/server/current/release-notes/relnotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-3079 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2023-3079
05 Jun 2023 — Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corru... • https://packetstorm.news/files/id/176211 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2023-2033 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2023-2033
14 Apr 2023 — Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corrup... • https://github.com/mistymntncop/CVE-2023-2033 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •