Search Results (363381 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28622 1 Hpe 2 Storeonce 3640, Storeonce 3640 Firmware 2024-11-21 7.5 High
A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2.
CVE-2022-28621 1 Hpe 1 Nonstop Distributed Systems Management \/ Software Configuration Manager 2024-11-21 7.5 High
A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM.
CVE-2022-28620 1 Hpe 10 Cray Ex Supercomputers, Cray Ex Supercomputers Firmware, Cray Sh Supercomputer Air Cooled Base System Code and 7 more 2024-11-21 9.8 Critical
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27; All Slingshot versions prior to 1.7.2; All versions of node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27. HPE has provided a software update to resolve this vulnerability in HPE Cray Legacy Shasta System Solutions, HPE Slingshot, and HPE Cray EX Supercomputers.
CVE-2022-28619 1 Hpe 1 Control Repository Manager 2024-11-21 7.8 High
A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0.
CVE-2022-28618 1 Hpe 4 Nimble Storage All Flash Arrays, Nimble Storage Hybrid Flash Arrays, Nimble Storage Secondary Flash Arrays and 1 more 2024-11-21 9.8 Critical
A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.
CVE-2022-28617 1 Hp 1 Oneview 2024-11-21 9.8 Critical
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2022-28616 1 Hp 1 Oneview 2024-11-21 9.8 Critical
A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2022-28614 4 Apache, Fedoraproject, Netapp and 1 more 6 Http Server, Fedora, Clustered Data Ontap and 3 more 2024-11-21 5.3 Medium
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
CVE-2022-28613 2 Abb, Hitachienergy 3 Rtu500 Firmware, Rtu500, Rtu500 Firmware 2024-11-21 7.5 High
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by the validation error in the length information carried in MBAP header in the HCI Modbus TCP function.
CVE-2022-28606 1 Bosscms 1 Bosscms 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server.
CVE-2022-28605 3 Apple, Google, Linkplay 3 Iphone Os, Android, Sound Bar 2024-11-21 9.8 Critical
Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory
CVE-2022-28601 1 Lmsdoctor 1 2 Factor Authentication 2024-11-21 6.5 Medium
A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism.
CVE-2022-28599 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack.
CVE-2022-28598 1 Frappe 1 Erpnext 2024-11-21 6.1 Medium
Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2022-28590 1 Pixelimity 1 Pixelimity 2024-11-21 7.2 High
A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme.
CVE-2022-28589 1 Pixelimity 1 Pixelimity 2024-11-21 4.8 Medium
A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new
CVE-2022-28588 1 Springbootmovie Project 1 Springbootmovie 2024-11-21 5.4 Medium
In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS.
CVE-2022-28586 1 Hoosk 1 Hoosk 2024-11-21 6.1 Medium
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.
CVE-2022-28585 1 Phome 1 Empirecms 2024-11-21 9.8 Critical
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php
CVE-2022-28584 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.