CVSS: 4.4EPSS: 0%CPEs: 46EXPL: 0CVE-2022-20098
https://notcve.org/view.php?id=CVE-2022-20098
03 May 2022 — In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-862: Missing Authorization •
CVSS: 4.7EPSS: 0%CPEs: 46EXPL: 0CVE-2022-20097
https://notcve.org/view.php?id=CVE-2022-20097
03 May 2022 — In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.4EPSS: 0%CPEs: 16EXPL: 0CVE-2022-20096
https://notcve.org/view.php?id=CVE-2022-20096
03 May 2022 — In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2022-20092
https://notcve.org/view.php?id=CVE-2022-20092
03 May 2022 — This could lead to local information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23400
https://notcve.org/view.php?id=CVE-2022-23400
03 May 2022 — A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1465 • CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20744 – Cisco Firepower Management Center Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-20744
03 May 2022 — A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attack... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infdisc-guJWRwQu • CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 7.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-20742 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPsec IKEv2 VPN Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-20742
03 May 2022 — A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementation of Galois/Counter Mode (GCM) ciphers. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN t... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipsec-mitm-CKnLr4 • CWE-325: Missing Cryptographic Step •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42001 – PingID Desktop encryption libraries misconfiguration can lead to sensitive data exposure
https://notcve.org/view.php?id=CVE-2021-42001
30 Apr 2022 — PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. • https://docs.pingidentity.com/bundle/pingid/page/dyt1645545885978.html • CWE-310: Cryptographic Issues •
CVSS: 7.1EPSS: 0%CPEs: 29EXPL: 0CVE-2022-1353 – kernel: kernel info leak issue in pfkey_register
https://notcve.org/view.php?id=CVE-2022-1353
29 Apr 2022 — This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. • https://bugzilla.redhat.com/show_bug.cgi?id=2066819 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 2CVE-2022-1227 – psgo: Privilege escalation in 'podman top'
https://notcve.org/view.php?id=CVE-2022-1227
29 Apr 2022 — This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. • https://github.com/iridium-soda/CVE-2022-1227_Exploit • CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions •