Search Results (363303 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-32565 1 Couchbase 1 Couchbase Server 2024-11-21 7.5 High
An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.
CVE-2022-32564 1 Couchbase 1 Couchbase Server 2024-11-21 7.5 High
An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.
CVE-2022-32563 1 Couchbase 1 Sync Gateway 2024-11-21 9.8 Critical
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration.
CVE-2022-32562 1 Couchbase 1 Couchbase Server 2024-11-21 8.8 High
An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission.
CVE-2022-32561 1 Couchbase 1 Couchbase Server 2024-11-21 4.9 Medium
An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network.
CVE-2022-32560 1 Couchbase 1 Couchbase Server 2024-11-21 7.5 High
An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings.
CVE-2022-32559 1 Couchbase 1 Couchbase Server 2024-11-21 9.1 Critical
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.
CVE-2022-32558 1 Couchbase 1 Couchbase Server 2024-11-21 7.5 High
An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure.
CVE-2022-32557 1 Couchbase 1 Couchbase Server 2024-11-21 7.5 High
An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers.
CVE-2022-32556 1 Couchbase 1 Couchbase Server 2024-11-21 7.5 High
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes.
CVE-2022-32554 1 Purestorage 2 Purity\/\/fa, Purity\/\/fb 2024-11-21 9.8 Critical
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
CVE-2022-32553 1 Purestorage 2 Purity\/\/fa, Purity\/\/fb 2024-11-21 8.8 High
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
CVE-2022-32552 1 Purestorage 2 Purity\/\/fa, Purity\/\/fb 2024-11-21 8.8 High
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
CVE-2022-32551 1 Zohocorp 1 Manageengine Servicedesk Plus Msp 2024-11-21 7.5 High
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
CVE-2022-32550 1 1password 6 1password, 1password In The Browser, Command-line and 3 more 2024-11-21 4.8 Medium
An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.
CVE-2022-32549 1 Apache 2 Sling Api, Sling Commons Log 2024-11-21 5.3 Medium
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.
CVE-2022-32548 1 Draytek 136 Vigor1000b, Vigor1000b Firmware, Vigor165 and 133 more 2024-11-21 10 Critical
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.
CVE-2022-32547 3 Fedoraproject, Imagemagick, Redhat 3 Fedora, Imagemagick, Enterprise Linux 2024-11-21 7.8 High
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
CVE-2022-32546 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2024-11-21 7.8 High
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
CVE-2022-32545 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2024-11-21 7.8 High
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.