Skip to main content

Sync Gateway

4 CVEs product

Monthly

CVE-2022-32563 PyPI CRITICAL PATCH Act Now

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Sync Gateway
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-43963 HIGH This Week

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sync Gateway
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-9041 HIGH This Week

In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server Sync Gateway
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-9039 Go CRITICAL POC PATCH Act Now

In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Denial Of Service Information Disclosure Sync Gateway
NVD
CVSS 3.0
9.8
EPSS
2.7%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Sync Gateway
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sync Gateway
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server Sync Gateway
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Denial Of Service Information Disclosure +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy