CVE-2022-28837 – Adobe Acrobat Pro DC Doc buttonSetIcon Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-28837
10 May 2022 — Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/acrobat/apsb22-16.html • CWE-416: Use After Free •
CVE-2022-23802 – Extension - Insecure Permissions within Joomla Guru extensions
https://notcve.org/view.php?id=CVE-2022-23802
06 May 2022 — Information disclosure: access to private information and components, with the possibility to view other users' information. • https://guru.ijoomla.com/changelog • CWE-276: Incorrect Default Permissions •
CVE-2022-24099 – Adobe Photoshop Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-24099
06 May 2022 — Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/photoshop/apsb22-20.html • CWE-125: Out-of-bounds Read •
CVE-2022-24823 – Local Information Disclosure Vulnerability in io.netty:netty-codec-http
https://notcve.org/view.php?id=CVE-2022-24823
06 May 2022 — When using multipart decoders in Netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled. • https://github.com/netty/netty/commit/185f8b2756a36aaa4f973f1a2a025e7d981823f1 • CWE-378: Creation of Temporary File With Insecure Permissions; CWE-379: Creation of Temporary File in Directory with Insecure Permissions; CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2022-29500
https://notcve.org/view.php?id=CVE-2022-29500
05 May 2022 — SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXLOI3ERTKMZR2KWNRN7OR5S55VPWENH •
CVE-2021-39020
https://notcve.org/view.php?id=CVE-2021-39020
05 May 2022 — This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. • https://exchange.xforce.ibmcloud.com/vulnerabilities/213855 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-20734 – Cisco SD-WAN vManage Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-20734
04 May 2022 — A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmge-infodc-WPSkAMhp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVE-2022-25780 – Information leak via device availability query function
https://notcve.org/view.php?id=CVE-2022-25780
04 May 2022 — Information Exposure vulnerability in the web UI of Secomea GateManager allows a logged-in user to query devices outside their own scope. • https://www.secomea.com/support/cybersecurity-advisory • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-20104
https://notcve.org/view.php?id=CVE-2022-20104
03 May 2022 — In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2022 •
CVE-2022-20103
https://notcve.org/view.php?id=CVE-2022-20103
03 May 2022 — In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •