CVE-2022-32563
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
Design/Logic Flaw
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
PYSEC-2022-207
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
CVE-2022-32563
CVE-2022-32563 affects Couchbase Sync Gateway 3.x before 3.0.2. When configured to authenticate to Couchbase Server with X.509 client certificates, the gateway does not verify admin credentials supplied to the Admin REST API, allowing privilege escalation for unauthenticated users. The issue does...
Couchbase Sync Gateway Trust Management Issue Vulnerability
Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web from Couchbase, Inc. A security vulnerability exists in the Couchbase Sync Gateway version 3.x, prior to version 3.0.2, which stems from the fact that administrator credentials are not validated...
AZL-9918 CVE-2022-31030 affecting package moby-containerd for versions less than 1.6.6-1
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory...
DEBIAN-CVE-2022-31030
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory...
Medium: containerd
Issue Overview: A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory on the computer, denying service to...
5 Linux malware families SMBs should protect themselves against
There’s no shortage of reasons why an SMB might use Linux to run their business: There are plenty of distros to choose from, it’s generally free, and perhaps above all — it’s secure. The common wisdom goes that Linux malware is rare, and for the most part this is true. Thanks to its built-in...
CVE-2022-1712
The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
MAL-2022-6389 Malicious code in sync-express (npm)
Source: ghsa-malware f4acb1678e3420191321cd1a4385ce0b4bee92a3428a42666620c96fc28a35eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sync-express (npm)
Source: ghsa-malware f4acb1678e3420191321cd1a4385ce0b4bee92a3428a42666620c96fc28a35eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AZL-37071 CVE-2022-1708 affecting package cri-o for versions less than 1.21.7-1
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
MAL-2022-6388 Malicious code in sync-colors (npm)
Source: ghsa-malware 36a88f33209b094f3105a202873bb5e94e4f0053c82ea88e32b3cd1d3f7bea28 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sync-colors (npm)
Source: ghsa-malware 36a88f33209b094f3105a202873bb5e94e4f0053c82ea88e32b3cd1d3f7bea28 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ASB-A-209438553
In finishLsImpl of filesyncclient.cpp, there is a possible way to access host's files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2022-1359 · Unknown · File Sync Client
Name of the Vulnerable Software and Affected Versions: file sync client (affected versions not specified). Description: The issue is related to a path traversal error in the finishLsImpl function of file sync client.cpp. This error could allow access to the host's files, potentially leading to local...