Total: 22706 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28166 | 1 Broadcom | 1 Sannav | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Brocade SANnav before SANN2.2.0.2 and Brocade SANnav before 2.1.1.8, the TLS/SSL server implementation supports the use of static key ciphers (ssl-static-key-ciphers) on ports 443 and 18082. | |||||
| CVE-2022-31068 | 1 Glpi-project | 1 Glpi | 2022-07-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| GLPI is a free asset and IT management software package that provides data center management, ITIL service desk, license tracking and software auditing. In affected versions, all GLPI instances that use the native inventory may leak sensitive information. The feature to get refused files is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade. | |||||
| CVE-2020-9754 | 1 Navercorp | 1 Whale | 2022-07-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| NAVER Whale browser mobile app before 1.10.6.2 allows an attacker to bypass its browser unlock function via incognito mode. | |||||
| CVE-2022-28619 | 1 Hpe | 1 Control Repository Manager | 2022-07-06 | 4.6 MEDIUM | 7.8 HIGH |
| A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0. | |||||
| CVE-2022-2104 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2022-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). | |||||
| CVE-2022-32997 | 1 Pypi | 1 Rootinteractive | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-32996 | 1 Pypi | 1 Django-navbar-client | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-32998 | 1 Pypi | 1 Cryptoasset-data-downloader | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-33003 | 1 Pypi | 1 Watools | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-33002 | 1 Pypi | 1 Explore | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-33000 | 1 Pypi | 1 Ml-scanner | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-33001 | 1 Pypi | 1 Aamiles | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-32999 | 1 Pypi | 1 Cloudlabeling | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-33004 | 1 Pypi | 1 Beginner | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-34055 | 1 Pypi | 1 Drxhello | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-34054 | 1 Pypi | 1 Perdido | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-34053 | 1 Pypi | 1 Dr-web-engine | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-34056 | 1 Pypi | 1 Watertools | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2016-3471 | 3 Mariadb, Oracle, Redhat | 3 Mariadb, Mysql, Enterprise Linux | 2022-07-05 | 6.2 MEDIUM | 7.5 HIGH |
| Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. | |||||
| CVE-2022-32552 | 1 Purestorage | 2 Purity//fa, Purity//fb | 2022-07-05 | 9.0 HIGH | 8.8 HIGH |
| Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. | |||||
