
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Apr 2022 — Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure. • http://www.openwall.com/lists/oss-security/2022/04/26/2 • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.5 • EPSS: 11% • CPEs: 1 • EXPL: 2

23 Apr 2022 — The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3. • https://github.com/RandomRobbieBF/CVE-2022-1442 • CWE-862: Missing Authorization •

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 2

21 Apr 2022 — This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. • http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016 • CWE-824: Access of Uninitialized Pointer • CWE-909: Missing Initialization of Resource •

CVSS: 6.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

19 Apr 2022 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks... • https://security.netapp.com/advisory/ntap-20220429-0005 •

CVSS: 6.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

19 Apr 2022 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks... • https://security.netapp.com/advisory/ntap-20220429-0005 •

CVSS: 6.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

19 Apr 2022 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks... • https://security.netapp.com/advisory/ntap-20220429-0005 •

CVSS: 9.8 • EPSS: 30% • CPEs: 2 • EXPL: 7

19 Apr 2022 — This makes it possible for unauthenticated attackers to interact with internal network hosts via specially crafted requests and can lead to sensitive information disclosure on certain configurations such as AWS. • https://github.com/ardzz/CVE-2022-1386 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.8 • EPSS: 1% • CPEs: 64 • EXPL: 3

18 Apr 2022 — Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM hash disclosure during certain storage-path configuration steps. ManageEngine ADSelfService Plus build 6118 suf... • https://docs.unsafe-inline.com/0day/multiple-manageengine-applications-critical-information-disclosure-vulnerability • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Apr 2022 — Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. • https://www.cisa.gov/uscert/ics/advisories/icsa-20-315-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Apr 2022 — In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat. • https://lkml.org/lkml/2011/11/7/340 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •