Couchbase Server 7.1.2

CPE Details

Couchbase Server 7.1.2
7.1.2
2023-02-13
17h40 +00:00
2023-02-23
18h10 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:couchbase:couchbase_server:7.1.2:*:*:*:*:*:*:*

Informations

Vendor

couchbase

Product

couchbase_server

Version

7.1.2

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-25673 2024-09-19 00h00 +00:00 Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.
6.1
Moyen
CVE-2024-37034 2024-07-26 00h00 +00:00 An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure.
5.9
Moyen
CVE-2023-43768 2024-03-26 23h00 +00:00 An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands.
7.5
Haute
CVE-2023-45874 2024-02-28 00h00 +00:00 An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (outage of reader threads).
4.3
Moyen
CVE-2023-43769 2024-02-27 23h00 +00:00 An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. There are Unauthenticated RMI Service Ports Exposed in Analytics.
6.3
Moyen
CVE-2023-45873 2024-02-27 23h00 +00:00 An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (application exist) because of the OOM killer.
6.5
Moyen
CVE-2023-49338 2024-02-27 23h00 +00:00 Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost.
7.5
Haute
CVE-2023-49931 2024-02-27 23h00 +00:00 An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted.
9.8
Critique
CVE-2023-49932 2024-02-27 23h00 +00:00 An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions.
5.4
Moyen
CVE-2023-50437 2024-02-27 23h00 +00:00 An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2.
8.6
Haute
CVE-2024-23302 2024-02-27 23h00 +00:00 Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.
7.5
Haute
CVE-2024-0519 2024-01-16 21h14 +00:00 Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8
Haute
CVE-2023-36667 2023-11-07 23h00 +00:00 Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal.
7.5
Haute
CVE-2023-3079 2023-06-05 21h40 +00:00 Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8
Haute
CVE-2023-2033 2023-04-14 18h10 +00:00 Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8
Haute
CVE-2023-28470 2023-03-23 00h00 +00:00 In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication.
5.3
Moyen