CVE-2022-20101
https://notcve.org/view.php?id=CVE-2022-20101
03 May 2022 — In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-20100
https://notcve.org/view.php?id=CVE-2022-20100
03 May 2022 — In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-862: Missing Authorization •
CVE-2022-20098
https://notcve.org/view.php?id=CVE-2022-20098
03 May 2022 — In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-862: Missing Authorization •
CVE-2022-20097
https://notcve.org/view.php?id=CVE-2022-20097
03 May 2022 — In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2022-20096
https://notcve.org/view.php?id=CVE-2022-20096
03 May 2022 — In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-908: Use of Uninitialized Resource •
CVE-2022-20092
https://notcve.org/view.php?id=CVE-2022-20092
03 May 2022 — This could lead to local information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-125: Out-of-bounds Read •
CVE-2022-23400
https://notcve.org/view.php?id=CVE-2022-23400
03 May 2022 — A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1465 • CWE-193: Off-by-one Error • CWE-787: Out-of-bounds Write •
CVE-2022-20744 – Cisco Firepower Management Center Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-20744
03 May 2022 — A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attack... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infdisc-guJWRwQu • CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVE-2022-20742 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPsec IKEv2 VPN Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-20742
03 May 2022 — A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementation of Galois/Counter Mode (GCM) ciphers. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN t... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipsec-mitm-CKnLr4 • CWE-325: Missing Cryptographic Step •
CVE-2021-42001 – PingID Desktop encryption libraries misconfiguration can lead to sensitive data exposure
https://notcve.org/view.php?id=CVE-2021-42001
30 Apr 2022 — PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. • https://docs.pingidentity.com/bundle/pingid/page/dyt1645545885978.html • CWE-310: Cryptographic Issues •