Lucene search
K

630 matches found

OSV
OSV
added 2025/06/18 3:31 p.m.6 views

GHSA-PX2C-R924-MWCC Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates

The Couchbase .NET SDK client library before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default...

4.9CVSS7AI score0.00192EPSS
Exploits0References6
OSV
OSV
added 2025/06/18 2:15 p.m.3 views

CVE-2025-49015

The Couchbase .NET SDK client library before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default...

4.9CVSS5.8AI score0.00192EPSS
Exploits0References3
NVD
NVD
added 2025/06/18 2:15 p.m.11 views

CVE-2025-49015

The Couchbase .NET SDK client library before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default...

4.9CVSS0.00192EPSS
Exploits0References3
CVE
CVE
added 2025/06/18 12:0 a.m.20 views

CVE-2025-49015

The CVE-2025-49015 entry concerns the Couchbase .NET SDK (client library) prior to 3.7.1 that does not properly enable hostname verification for TLS certificates, and was configured to use IP addresses instead of hostnames by default. Reported impact is exposure to MITM via TLS misconfig, with co...

4.9CVSS6.6AI score0.00192EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/06/18 12:0 a.m.3 views

Couchbase .NET SDK 安全漏洞

The Couchbase .NET SDK is a software development kit for .NET developers from Couchbase, Inc. A security vulnerability exists in Couchbase .NET SDK versions prior to 3.7.1 that stems from hostname validation not being properly enabled, which could lead to a man-in-the-middle attack...

4.9CVSS6.3AI score0.00192EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/18 12:0 a.m.10 views

CVE-2025-49015

The Couchbase .NET SDK client library before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default...

0.00192EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/18 12:0 a.m.3 views

CVE-2025-49015

The Couchbase .NET SDK client library before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default...

5.1AI score0.00192EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/18 12:0 a.m.10 views

PT-2025-26166 · Couchbase · Couchbase .Net Sdk

Name of the Vulnerable Software and Affected Versions: Couchbase .NET SDK versions prior to 3.7.1 Description: The issue concerns the Couchbase .NET SDK's failure to properly enable hostname verification for TLS certificates. Additionally, the SDK was using IP addresses instead of hostnames due t...

4.9CVSS6.2AI score0.00192EPSS
Exploits0References10
Snyk
Snyk
added 2025/06/05 6:30 a.m.4 views

SQL Injection

Overview llama-index-vector-stores-couchbase is a LlamaIndex VectorStores Integration: Couchbase Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access ...

9.8CVSS7.9AI score0.00581EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/06/03 3:31 p.m.4 views

com.adobe.api.platform.runtime:mesos-actor (>=0.0.32 <=0.0.33), com.ing.baker:baker-runtime_2.12 (>=3.0.3 <=3.6.3) +104 more potentially affected by CVE-2025-46548 via com.lightbend.akka.management:akka-management_2.12 (>=0.7 <=1.4.1)

com.lightbend.akka.management:akka-management2.12 MAVEN version =0.7, =0.0.32, =3.0.3, =3.6.0, =3.3.0, =0.7, =0.7, =1.1.3, =1.0.6, =2.0.0-M1, =0.0.0-NIGHTLY01122020, =0.0.0-NIGHTLY01122020, =back-to-core-SNAPSHOT-4 and more Source cves: CVE-2025-46548 Sour...

6.5CVSS5.4AI score0.00655EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 9:42 a.m.10 views

CVE-2024-23302

Couchbase Server before 7.2.4 has a private key leak in goxdcr.log...

7.5CVSS6.9AI score0.00748EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:29 a.m.8 views

CVE-2024-37034

An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value KV service using SCRAM-SHA when remote link encryption is configured for Half-Secure...

5.9CVSS7.1AI score0.00158EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:9 a.m.8 views

CVE-2024-56178

An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the securityadminlocal role can create a new user in a group that has the admin role...

6.5CVSS6.9AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:6 a.m.13 views

CVE-2024-25673

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection...

6.1CVSS7AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:4 a.m.7 views

CVE-2023-49930

An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted...

9.8CVSS6.8AI score0.00902EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:2 a.m.5 views

CVE-2023-36667

Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal...

7.5CVSS7AI score0.00998EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:50 a.m.6 views

CVE-2023-45875

An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster...

7.5CVSS6.8AI score0.00736EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:36 a.m.9 views

CVE-2023-28470

In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication...

5.3CVSS7AI score0.00629EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:24 a.m.9 views

CVE-2023-45874

An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service outage of reader threads...

4.3CVSS6.8AI score0.00755EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:44 a.m.6 views

CVE-2022-32559

An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics...

9.1CVSS6.9AI score0.01249EPSS
Exploits0References1
Rows per page
Query Builder