CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4536 matches found

CVE•added 2021/12/07 9:5 p.m.•41 views

CVE-2021-43963

CVE-2021-43963 affects Couchbase Sync Gateway 2.7.0–2.8.2. The bucket credentials used to read/write data were insecurely stored in metadata within Sync Gateway’s bucket sync documents. A user with read access could leverage those credentials to obtain write access to the Couchbase Server. The is...

8.1CVSS7.7AI score0.00237EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/12/07 9:5 p.m.•11 views

CVE-2021-43963

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain writ...

7.9AI score0.00237EPSS

Exploits0References1

CNNVD•added 2021/12/07 12:0 a.m.•3 views

Couchbase Sync Gateway信息泄露漏洞

Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web from Couchbase, Inc. A security vulnerability exists in Couchbase Sync Gateway 2.7.0 through 2.8.2, which stems from the fact that the bucket credentials used to read and write data in Couchbase...

8.1CVSS7.7AI score0.00237EPSS

Exploits0References2

Microsoft KB•added 2021/12/01 12:0 a.m.•9 views

Azure File Sync Agent v14.1 Release - December 2021

Azure File Sync Agent v14.1 Release - December 2021 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v14.1 release that is dated December 2021. Additionally, this article contains installation instructions for this release. Improvements and issues tha...

7.1AI score

Exploits0

OSV•added 2021/12/01 12:0 a.m.•19 views

ASB-A-179338675

In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges...

5.5CVSS5.3AI score0.00009EPSS

Exploits0References1

OSV•added 2021/11/29 2:38 a.m.•14 views

UVI-2021-1002314 i40e: Fix NULL ptr dereference on VSI filter sync

i40e: Fix NULL ptr dereference on VSI filter sync This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.5 by commit...

7.2AI score

Exploits0

OSV•added 2021/11/29 2:38 a.m.•5 views

GSD-2021-1002314 i40e: Fix NULL ptr dereference on VSI filter sync

7.2AI score

Exploits0

OSV•added 2021/11/29 2:36 a.m.•9 views

UVI-2021-1002282 i40e: Fix NULL ptr dereference on VSI filter sync

7.2AI score

Exploits0

OSV•added 2021/11/29 2:36 a.m.•5 views

GSD-2021-1002282 i40e: Fix NULL ptr dereference on VSI filter sync

7.2AI score

Exploits0

OSV•added 2021/11/29 2:35 a.m.•12 views

UVI-2021-1002260 i40e: Fix NULL ptr dereference on VSI filter sync

7.2AI score

Exploits0

OSV•added 2021/11/29 2:35 a.m.•10 views

UVI-2021-1002248 i40e: Fix NULL ptr dereference on VSI filter sync

7.2AI score

Exploits0

OSV•added 2021/11/29 2:35 a.m.•10 views

GSD-2021-1002248 i40e: Fix NULL ptr dereference on VSI filter sync

7.2AI score

Exploits0

OSV•added 2021/11/29 2:34 a.m.•11 views

GSD-2021-1002237 i40e: Fix NULL ptr dereference on VSI filter sync

7.2AI score

Exploits0

OSV•added 2021/11/19 11:3 a.m.•2 views

OESA-2021-1434 gfbgraph security update

GLib/GObject wrapper for the Facebook Graph API. Security Fixes: In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to...

5.9CVSS6.9AI score0.00219EPSS

Exploits0References2

RedHat Linux•added 2021/11/09 5:52 p.m.•2 views

linuxptp: wrong length of one-step follow-up in transparent clock

A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to...

7.1CVSS5.8AI score0.0072EPSS

Exploits0References4

Brave Browser•added 2021/11/09 11:32 a.m.•7 views

Brave Android 1.31.91 Security Fixes

Clarified sync setup instructions...

5.8AI score

Exploits0References2Affected Software1

Code423n4•added 2021/10/30 12:0 a.m.•8 views

The design of wibBTC is not fully compatible with the current Curve StableSwap pool

Handle WatchPug Vulnerability details Per the documentation, wibBTC is designed for a Curve StableSwap pool. However, the design of wibBTC makes the balances change dynamically and automatically. This is unusual for an ERC20 token, and it's not fully compatible with the current Curve StableSwap...

6.6AI score

Exploits0

Microsoft KB•added 2021/10/29 12:0 a.m.•13 views

Azure File Sync Agent v14 Release – October 2021

Azure File Sync Agent v14 Release – October 2021 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v14 release that is dated October 2021. Additionally, this article contains installation instructions for this release. Improvements and issues that are...

6.4AI score

Exploits0