CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47012
https://notcve.org/view.php?id=CVE-2022-47012
Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21. Uso de variable no inicializada en la función gen_eth_recv en GNS3 dynamips 0.2.21. • https://github.com/GNS3/dynamips/issues/125 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47512 – Sensitive Data Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-47512
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47512 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38106 – Cross-Site Scripting Vulnerability in Serv-U Web Client
https://notcve.org/view.php?id=CVE-2022-38106
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106 https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35252 – Common Key Vulnerability in Serv-U FTP Server
https://notcve.org/view.php?id=CVE-2021-35252
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. Parece que se utiliza una clave de cifrado común en todas las instancias implementadas del Serv-U FTP Server. Debido a esto, un valor cifrado que está expuesto a un atacante se puede recuperar simplemente en texto plano. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35252 https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35252 • CWE-287: Improper Authentication CWE-798: Use of Hard-coded Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35246 – Unprotected Transport of Credentials (HSTS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-35246
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users. La aplicación no impide que los usuarios se conecten a ella a través de conexiones no cifradas. Un atacante capaz de modificar el tráfico de red de un usuario legítimo podría evitar el uso de cifrado SSL/TLS por parte de la aplicación y utilizar la aplicación como plataforma para ataques contra sus usuarios. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35246 https://documentation.solarwinds.com/en/success_center/ets/content/release_notes/ets_2022-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35246 • CWE-319: Cleartext Transmission of Sensitive Information •