CVE-2022-40494 NPS before v0.26.10 had an authentication bypass vulnerability that constantly generated and sent the Auth key and Timestamp parameters.
This can be leveraged to bypass authentication and obtain sensitive information such as user names, email addresses, and other login details.
NPS before v0.26.
CVE-2022-42250 The Cold Storage Management System v1.0 is vulnerable to SQL injection.
An attacker can send a special SQL query to obtain sensitive information such as users’ names, email addresses, or other information.
The application does not
CVE-2022-42249 The Cold Storage Management System v1.0 is vulnerable to SQL injection at /csms/admin/storages/view_storage.php?id=
An attacker can inject malicious script code via the value of the storage_id parameter to execute arbitrary SQL commands. In addition, the /csms/admin/
CVE-2022-39273 FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable Flyte's default authorization server are exposed to the public internet.
Users who have changed the ExternalAuthorizationServer setting in the config or have overridden it in their Flyte Admin’s settings will not be vulnerable to
CVE-2022-40895 An unauthenticated, remote attacker could exploit a vulnerability in NeDi products to affect the integrity of a device.
However, this issue has already been fixed in version 1.0.8 of NeDi. This issue has been assigned the CVE-2018-14632 rating. However,