CVE-2026-28377 vulnerabilities

Vulnerabilities for packages: grafana...

CVE-2026-28377 vulnerabilities

Vulnerabilities for packages: grafana, commercial-grafana, grafana-fips...

CVE-2026-28377 S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint (CVE-2025-41118 Pattern)

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

EUVD-2022-28377

Malicious code in bioql PyPI...

CVE-2022-28377

On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of th...

CVE-2021-28377

ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files...

Oracle Linux 8 : git-lfs (ELSA-2024-3346)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3346 advisory. 3.4.1-2 - Rebuild with new Golang - Resolves: RHEL-32543, RHEL-28377, RHEL-28399, RHEL-28423 3.4.1-1 - Update to version 3.4.1 - Resolves: RHEL-17102...

CVE-2023-28377

Improper authentication in some IntelR NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-28377

Improper authentication in some IntelR NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-28377

CVE-2023-28377 affects Intel NUC Kit NUC11PH USB firmware installation software for Windows, with an improper authentication flaw that could allow an authenticated local user to escalate privileges. The issue targets the NUC11PH USB firmware installation tool prior to version 1.1. The NVD entry l...

CVE-2022-28377

Affected: Verizon 5G Home LVSKIHP IDU 3.4.66.162 and ODU 3.33.101.0. Root cause: CRTC/ODU RPC endpoints rely on a static account username/password for access control, and the password can be generated via a firmware binary after determining the IDU’s base Ethernet MAC and setting DEVICE_MANUFACTU...

CVE-2021-28377

creationtimestamp| type| source ---|---|--- 2022-01-12 20:17:20+00:00| seen| https://t.me/cibsecurity/35346...

CVE-2021-28377

CVE-2021-28377 : ChronoForums 2.0.11 is vulnerable to local file inclusion via path traversal in the avatar function, enabling an attacker to read arbitrary files (e.g., configuration files containing credentials). Affected product: ChronoForums/Joomla extension. Root cause: unauthenticated path ...