Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28622 | 1 Hpe | 2 Storeonce 3640, Storeonce 3640 Firmware | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. | |||||
CVE-2022-28168 | 1 Broadcom | 1 Sannav | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. | |||||
CVE-2022-28167 | 1 Broadcom | 1 Sannav | 2022-07-07 | 4.0 MEDIUM | 6.5 MEDIUM |
Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log | |||||
CVE-2022-28166 | 1 Broadcom | 1 Sannav | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082. | |||||
CVE-2022-31082 | 1 Glpi-project | 1 Glpi Inventory | 2022-07-07 | 7.5 HIGH | 9.8 CRITICAL |
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature. | |||||
CVE-2021-40944 | 1 Gpac | 1 Gpac | 2022-07-07 | 4.3 MEDIUM | 5.5 MEDIUM |
In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS). | |||||
CVE-2022-31057 | 1 Shopware | 1 Shopware | 2022-07-07 | 3.5 LOW | 5.4 MEDIUM |
Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2021-40553 | 1 Piwigo | 1 Piwigo | 2022-07-07 | 6.5 MEDIUM | 8.8 HIGH |
piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. | |||||
CVE-2022-0085 | 1 Dompdf Project | 1 Dompdf | 2022-07-07 | 4.3 MEDIUM | 5.3 MEDIUM |
Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. | |||||
CVE-2022-31039 | 1 Bigbluebutton | 1 Greenlight | 2022-07-07 | 5.0 MEDIUM | 5.3 MEDIUM |
Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This issue has been patched in release version 2.12.6. | |||||
CVE-2021-41460 | 1 Shopex | 1 Ecshop | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. | |||||
CVE-2022-31036 | 1 Linuxfoundation | 1 Argo-cd | 2022-07-07 | 4.0 MEDIUM | 4.3 MEDIUM |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. If you are using a version >=v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround. | |||||
CVE-2014-8113 | 2022-07-07 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. | |||||
CVE-2014-7854 | 2022-07-07 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. | |||||
CVE-2014-3918 | 2022-07-07 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. | |||||
CVE-2014-3705 | 2022-07-07 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. | |||||
CVE-2014-3658 | 2022-07-07 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. | |||||
CVE-2014-3644 | 2022-07-07 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. | |||||
CVE-2022-31035 | 1 Linuxfoundation | 1 Argo-cd | 2022-07-07 | 3.5 LOW | 5.4 MEDIUM |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely-safe workarounds besides upgrading. | |||||
CVE-2022-31034 | 1 Linuxfoundation | 1 Argo-cd | 2022-07-07 | 6.8 MEDIUM | 8.1 HIGH |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact potentially granting an attacker admin access to Argo CD. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability. |