CVE-2022-30702 – Trend Micro Internet Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-30702
27 May 2022 — Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine. • https://helpcenter.trendmicro.com/en-us/article/tmka-11022 • CWE-125: Out-of-bounds Read •
CVE-2022-29091
https://notcve.org/view.php?id=CVE-2022-29091
26 May 2022 — Exploitation may lead to information disclosure, session theft, or client-side request forgery. • https://www.dell.com/support/kbdoc/000199446 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-36982 – Ivanti Avalanche AgentTaskHandler Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-36982
26 May 2022 — This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored session cookies, leading to ... • https://download.wavelink.com/Files/avalanche_v6.3.4_release_notes.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-27169
https://notcve.org/view.php?id=CVE-2022-27169
25 May 2022 — An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1494 • CWE-306: Missing Authentication for Critical Function •
CVE-2022-26067
https://notcve.org/view.php?id=CVE-2022-26067
25 May 2022 — An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1492 • CWE-306: Missing Authentication for Critical Function •
CVE-2022-22977
https://notcve.org/view.php?id=CVE-2022-22977
24 May 2022 — A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure. • https://www.vmware.com/security/advisories/VMSA-2022-0015.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-29567 – Possible information disclosure inside TreeGrid component with default data provider
https://notcve.org/view.php?id=CVE-2022-29567
24 May 2022 — The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side. • https://github.com/vaadin/flow-components/pull/3046 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-28991
https://notcve.org/view.php?id=CVE-2022-28991
20 May 2022 — Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. • https://packetstormsecurity.com/files/166590/Multi-Store-Inventory-Management-System-1.0-Information-Disclosure.html • CWE-425: Direct Request ('Forced Browsing') •
CVE-2020-4107 – HCL Domino is affected by an Insufficient Access Control vulnerability
https://notcve.org/view.php?id=CVE-2020-4107
19 May 2022 — An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0090221 • CWE-284: Improper Access Control •
CVE-2022-30990 – Sensitive information disclosure due to insecure folder permissions
https://notcve.org/view.php?id=CVE-2022-30990
18 May 2022 — Sensitive information disclosure due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-2299 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-732: Incorrect Permission Assignment for Critical Resource •