Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Couchbase_server
(Couchbase)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 50 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-05 | CVE-2023-50782 | A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | Couchbase_server, Cryptography, Ansible_automation_platform, Enterprise_linux, Update_infrastructure | 7.5 | ||
| 2024-09-19 | CVE-2024-25673 | Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. | Couchbase_server | 6.1 | ||
| 2024-07-26 | CVE-2024-37034 | An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure. | Couchbase_server | 5.9 | ||
| 2023-11-08 | CVE-2023-45875 | An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster. | Couchbase_server | 7.5 | ||
| 2023-11-08 | CVE-2023-36667 | Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. | Couchbase_server | 7.5 | ||
| 2024-01-16 | CVE-2024-0519 | Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Couchbase_server, Fedora, Chrome | 8.8 | ||
| 2023-06-05 | CVE-2023-3079 | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Couchbase_server, Debian_linux, Fedora, Chrome | 8.8 | ||
| 2023-04-14 | CVE-2023-2033 | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Couchbase_server, Debian_linux, Fedora, Chrome | 8.8 | ||
| 2019-09-10 | CVE-2019-11495 | In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0. | Couchbase_server | 9.8 | ||
| 2022-06-02 | CVE-2021-33504 | Couchbase Server before 7.1.0 has Incorrect Access Control. | Couchbase_server | 4.9 |