CPE Details
Couchbase Server 7.1.2
7.1.2
2023-02-13
17h40 +00:00
17h40 +00:00
2023-02-23
18h10 +00:00
18h10 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:couchbase:couchbase_server:7.1.2:*:*:*:*:*:*:*
Informations
Vendor
couchbaseProduct
couchbase_serverVersion
7.1.2Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. | 6.1 |
Moyen |
||
| An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure. | 5.9 |
Moyen |
||
| An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands. | 7.5 |
Haute |
||
| An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (outage of reader threads). | 4.3 |
Moyen |
||
| An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. There are Unauthenticated RMI Service Ports Exposed in Analytics. | 6.3 |
Moyen |
||
| An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (application exist) because of the OOM killer. | 6.5 |
Moyen |
||
| Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost. | 7.5 |
Haute |
||
| An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted. | 9.8 |
Critique |
||
| An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions. | 5.4 |
Moyen |
||
| An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2. | 8.6 |
Haute |
||
| Couchbase Server before 7.2.4 has a private key leak in goxdcr.log. | 7.5 |
Haute |
||
| Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 |
Haute |
||
| Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. | 7.5 |
Haute |
||
| Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 |
Haute |
||
| Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 |
Haute |
||
| In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. | 5.3 |
Moyen |
