52 matches found

Veracode
added 2024/04/30 8:06 a.m. | 18 views

Privilege Escalation

Couchbase is vulnerable to Privilege Escalation. The vulnerability is due to improper verification of admin credentials when Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, which could result in privilege escalation for unauthenticated users...

CVSS 9.8 | AI score 7.6 | EPSS 0.00745
Exploits 0 | References 5 | Affected Software 1
OSV
added 2022/06/11 12:00 a.m. | 13 views

GHSA-9266-J9V3-Q4J5 Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

CVSS 9.8 | AI score 9.8 | EPSS 0.00745
Exploits 0 | References 5
Github Security Blog
added 2022/06/11 12:00 a.m. | 26 views

Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

CVSS 9.8 | AI score 7.5 | EPSS 0.00745
Exploits 0 | References 6 | Affected Software 1
OSV
added 2022/06/10 12:15 p.m. | 1 views

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

CVSS 9.8 | AI score 5.8 | EPSS 0.00745
Exploits 0 | References 2
NVD
added 2022/06/10 12:15 p.m. | 37 views

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

CVSS 9.8 | EPSS 0.00745
Exploits 0 | References 2
OSV
added 2022/06/10 12:15 p.m. | 59 views

PYSEC-2022-207

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

CVSS 9.8 | AI score 3.1 | EPSS 0.00745
Exploits 0 | References 3
PyPA
added 2022/06/10 12:15 p.m. | 6 views

PYSEC-2022-207

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

CVSS 9.8 | AI score 7.5 | EPSS 0.00745
Exploits 0 | References 3 | Affected Software 1
Prion
added 2022/06/10 12:15 p.m. | 20 views

Design/Logic Flaw

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

CVSS 6.8 | AI score 9.7 | EPSS 0.00745
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2022/06/10 11:57 a.m. | 36 views

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

AI score 10 | EPSS 0.00745
Exploits 0 | References 2
CVE
added 2022/06/10 11:57 a.m. | 412 views

CVE-2022-32563

CVE-2022-32563 affects Couchbase Sync Gateway 3.x before 3.0.2. When configured to authenticate to Couchbase Server with X.509 client certificates, the gateway does not verify admin credentials supplied to the Admin REST API, allowing privilege escalation for unauthenticated users. The issue does...

CVSS 9.8 | AI score 9.8 | EPSS 0.00745
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2022/06/10 12:00 a.m. | 16 views

Couchbase Sync Gateway Trust Management Issue Vulnerability

Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web from Couchbase, Inc. A security vulnerability exists in the Couchbase Sync Gateway version 3.x, prior to version 3.0.2, which stems from the fact that administrator credentials are not validated...

CVSS 9.8 | AI score 8.2 | EPSS 0.00745
Exploits 0 | References 3
Citrix
added 2022/02/25 12:00 a.m. | 5 views

Active Sync Gateway Connector isn't working with new devices since Update to 10.14 RP4

After upgrading from 10.14 RP3 to 10.14 RP4, any newly enrolled device can't access our Exchange Server via Active Sync Connector. After rebooting XenMobile server during the update process, we observe errors in the RemoteConfigService.log file as follows: Error |...

AI score 7
Exploits 0
OSV
added 2022/02/15 1:57 a.m. | 22 views

GHSA-G622-R636-QFQH SQL Injection in Couchbase Sync Gateway

The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Server is affected by a previously undisclosed N1QL-injection vulnerability in the REST API. An attacker with access to the public REST API can insert additional N1QL statements through the parameters "startkey" and "endkey" of the...

CVSS 9.8 | AI score 9.4 | EPSS 0.02741
Exploits 1 | References 5
Github Security Blog
added 2022/02/15 1:57 a.m. | 31 views

SQL Injection in Couchbase Sync Gateway

The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Server is affected by a previously undisclosed N1QL-injection vulnerability in the REST API. An attacker with access to the public REST API can insert additional N1QL statements through the parameters "startkey" and "endkey" of the...

CVSS 9.8 | AI score 8.7 | EPSS 0.02741
Exploits 1 | References 6 | Affected Software 1
OSV
added 2021/12/07 10:15 p.m. | 2 views

CVE-2021-43963

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain writ...

CVSS 8.1 | AI score 7.3 | EPSS 0.00501
Exploits 0 | References 1
NVD
added 2021/12/07 10:15 p.m. | 15 views

CVE-2021-43963

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain writ...

CVSS 8.1 | EPSS 0.00501
Exploits 0 | References 1
Prion
added 2021/12/07 10:15 p.m. | 16 views

Design/Logic Flaw

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain writ...

CVSS 5.5 | AI score 7.6 | EPSS 0.00501
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2021/12/07 9:05 p.m. | 14 views

CVE-2021-43963

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain writ...

AI score 7.9 | EPSS 0.00501
Exploits 0 | References 1
CVE
added 2021/12/07 9:05 p.m. | 46 views

CVE-2021-43963

CVE-2021-43963 affects Couchbase Sync Gateway 2.7.0–2.8.2. The bucket credentials used to read/write data were insecurely stored in metadata within Sync Gateway’s bucket sync documents. A user with read access could leverage those credentials to obtain write access to the Couchbase Server. The is...

CVSS 8.1 | AI score 7.7 | EPSS 0.00501
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2021/12/07 12:00 a.m. | 3 views

Couchbase Sync Gateway Information Disclosure Vulnerability

Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web from Couchbase, Inc. A security vulnerability exists in Couchbase Sync Gateway 2.7.0 through 2.8.2, which stems from the fact that the bucket credentials used to read and write data in Couchbase...

CVSS 8.1 | AI score 7.7 | EPSS 0.00501
Exploits 0 | References 2