CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28924
https://notcve.org/view.php?id=CVE-2022-28924
18 May 2022 — An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. • https://suumcuique.org/blog/posts/information-disclosure-vulnerability-universis • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2021-42848
https://notcve.org/view.php?id=CVE-2021-42848
18 May 2022 — An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details. • https://iknow.lenovo.com.cn/detail/dc_200017.html • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1659 – JupiterX Core <= 2.0.6 - Information Disclosure, Modification, and Denial of Service
https://notcve.org/view.php?id=CVE-2022-1659
18 May 2022 — Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack. Las versiones vulnerables del plugin JupiterX Core (versiones anteriores a 2.0.6 incluyéndola) registran ... • https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35249 – Domain Admin Broken Access Control
https://notcve.org/view.php?id=CVE-2021-35249
17 May 2022 — This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-1_release_notes.htm • CWE-284: Improper Access Control •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28182
https://notcve.org/view.php?id=CVE-2022-28182
17 May 2022 — NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5353 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-23671
https://notcve.org/view.php?id=CVE-2022-23671
17 May 2022 — A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-26698 – Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-26698
17 May 2022 — An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. Se abordó un problema de lectura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en Security Update 2022-004 Catalina, macOS Monterey versión 12.4 y macOS Big Sur ver... • https://support.apple.com/en-us/HT213255 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-26697 – Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-26697
17 May 2022 — An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. Se abordó un problema de lectura fuera de límites con una comprobación de entrada mejorada. Este problema es corregido en Security Update 2022-004 Catalina, macOS Monterey versión 12.4, macOS Big Sur ver... • https://support.apple.com/en-us/HT213255 • CWE-125: Out-of-bounds Read •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28183
https://notcve.org/view.php?id=CVE-2022-28183
17 May 2022 — NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5353 • CWE-125: Out-of-bounds Read •
CVSS: 9.9EPSS: 0%CPEs: 7EXPL: 0CVE-2022-28181
https://notcve.org/view.php?id=CVE-2022-28181
17 May 2022 — NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5353 • CWE-787: Out-of-bounds Write •