CVE | Synopsis | Impact (CVSS) | Products | Affects Version | Fix Version | Publish Date |
CVE-2024-37034 | Credentials are negotiated with KV using SCRAM-SHA when remote link encryption is configured for HALF. The SDK negotiates with SCRAM-SHA by default, which allows a MITM to negotiate for PLAIN credentials. | Medium (5.9) | Couchbase Server | Server 7.6.0, 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.1.x, 7.0.x, 6.x | Server 7.6.1, 7.2.5 | July 2024 |
CVE-2024-0519 | Upgrade V8 to 12.1.285.26. Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | High (8.8) | Couchbase Server | Server 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.1.4, 7.1.3, 7.1.2, 7.1.1, 7.1.0, 7.0.x, 6.x, 5.x, 4.x, 3.x, 2.x | Server 7.6.2, 7.2.5 | July 2024 |
CVE-2023-50782 | Upgrade pyca/cryptography to 42.0.5. A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | High (7.5) | Couchbase Server | Server 7.6.1, 7.6.0 | Server 7.6.2, 7.2.5 | July 2024 |