Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
GHSA-9266-J9V3-Q4J5 Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
CVE-2022-32563
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
CVE-2022-32563
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
PYSEC-2022-207
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
Design/Logic Flaw
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
PYSEC-2022-207
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
CVE-2022-32563
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...
CVE-2022-32563
CVE-2022-32563 affects Couchbase Sync Gateway 3.x before 3.0.2. When configured to authenticate to Couchbase Server with X.509 client certificates, the gateway does not verify admin credentials supplied to the Admin REST API, allowing privilege escalation for unauthenticated users. The issue does...
Couchbase Sync Gateway Trust Management Issue Vulnerability
Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web from Couchbase, Inc. A security vulnerability exists in the Couchbase Sync Gateway version 3.x, prior to version 3.0.2, which stems from the fact that administrator credentials are not validated...
DEBIAN-CVE-2022-31030
containerd is an open source container runtime. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory...
AZL-9918 CVE-2022-31030 affecting package moby-containerd for versions less than 1.6.6-1
containerd is an open source container runtime. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory...
Medium: containerd
Issue Overview: A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory on the computer, denying service to...
5 Linux malware families SMBs should protect themselves against
There’s no shortage of reasons why an SMB might use Linux to run their business: There are plenty of distros to choose from, it’s generally free, and perhaps above all — it’s secure. The common wisdom goes that Linux malware is rare, and for the most part this is true. Thanks to its built-in...
CVE-2022-1712
The LiveSync for WordPress plugin through 1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Malicious code in sync-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4acb1678e3420191321cd1a4385ce0b4bee92a3428a42666620c96fc28a35eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6389 Malicious code in sync-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4acb1678e3420191321cd1a4385ce0b4bee92a3428a42666620c96fc28a35eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AZL-37071 CVE-2022-1708 affecting package cri-o for versions less than 1.21.7-1
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
Malicious code in sync-colors (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36a88f33209b094f3105a202873bb5e94e4f0053c82ea88e32b3cd1d3f7bea28 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6388 Malicious code in sync-colors (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36a88f33209b094f3105a202873bb5e94e4f0053c82ea88e32b3cd1d3f7bea28 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...