‼ CVE-2022-37903 ‼
via "National Vulnerability Database".
A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise of the underlying host operating system.
‼ CVE-2022-37920 ‼
via "National Vulnerability Database".
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
‼ CVE-2021-4243 ‼
via "National Vulnerability Database".
A vulnerability was found in claviska jquery-minicolors up to 2.3.5. It has been rated as problematic. Affected by this issue is some unknown functionality of the file jquery.minicolors.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.3.6 is able to address this issue. The name of the patch is ef134824a7f4110ada53ea6c173111a4fa2f48f3. It is recommended to upgrade the affected component. VDB-215306 is the identifier assigned to this vulnerability.
‼ CVE-2022-37924 ‼
via "National Vulnerability Database".
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
‼ CVE-2022-1038 ‼
via "National Vulnerability Database".
A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.
‼ CVE-2022-22488 ‼
via "National Vulnerability Database".
IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337.
‼ CVE-2022-44650 ‼
via "National Vulnerability Database".
A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
‼ CVE-2022-44654 ‼
via "National Vulnerability Database".
Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is compiled without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance product security.
‼ CVE-2022-42445 ‼
via "National Vulnerability Database".
HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.
‼ CVE-2022-37926 ‼
via "National Vulnerability Database".
A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
‼ CVE-2022-38656 ‼
via "National Vulnerability Database".
HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes.
‼ CVE-2022-4421 ‼
via "National Vulnerability Database".
A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 8a39b2b2bf28353b3503ff1421862393db15aa7e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215304.
‼ CVE-2022-37927 ‼
via "National Vulnerability Database".
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD).
‼ CVE-2022-37929 ‼
via "National Vulnerability Database".
Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.
‼ CVE-2022-38395 ‼
via "National Vulnerability Database".
HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.
‼ CVE-2022-45970 ‼
via "National Vulnerability Database".
Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.
‼ CVE-2022-37930 ‼
via "National Vulnerability Database".
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.
‼ CVE-2022-44647 ‼
via "National Vulnerability Database".
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648.
‼ CVE-2022-43518 ‼
via "National Vulnerability Database".
An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
‼ CVE-2022-37932 ‼
via "National Vulnerability Database".
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;
‼ CVE-2022-44532 ‼
via "National Vulnerability Database".
An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.