CVE-2022-22190 – Paragon Active Assurance Control Center: Information disclosure vulnerability in crafted URL
https://notcve.org/view.php?id=CVE-2022-22190
14 Apr 2022 — An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows users to selectively share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application ... • https://kb.juniper.net/JSA69500 • CWE-284: Improper Access Control CWE-639: Authorization Bypass Through User-Controlled Key •
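The CWE-639 pattern behind this entry is worth seeing side by side with its fix. Below is an added, hypothetical example (not Juniper's code, and not a reconstruction of the actual Paragon endpoint): a share-link handler that puts the object identifier in the URL and trusts it, next to one that hands out an unguessable random token bound to a single report, an owner-side authorization check and an expiry. The REPORTS table and user names are constructed sample data.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample data (not Juniper's): two accounts, each owning one
# report whose rendered "PDF" is just a string here.
REPORTS: Dict[int, Dict[str, str]] = {
    1001: {"owner": "alice", "body": "alice report: probe config, SNMP community, mgmt IPs"},
    1002: {"owner": "bob", "body": "bob report: probe config, SNMP community, mgmt IPs"},
}


def render_report_vulnerable(report_id: int) -> str:
    """CWE-639 pattern: the URL carries the object id and the handler trusts it.
    No session and no ownership check, so knowing the URL format plus any valid
    id is enough to pull the report. Hypothetical code, not the vendor's."""
    if report_id not in REPORTS:
        raise KeyError("no such report")
    return REPORTS[report_id]["body"]


def enumerate_reports_vulnerable(candidate_ids: Iterable[int]) -> List[int]:
    """What an unauthenticated attacker does against the vulnerable handler:
    walk the small sequential id space and keep every id that returns a report."""
    found: List[int] = []
    for rid in candidate_ids:
        try:
            render_report_vulnerable(rid)
            found.append(rid)
        except KeyError:
            pass
    return found


# Hardened design. A share link is its own record, keyed by the SHA-256 of a
# random 256-bit token and bound to one report and one expiry. Only the hash
# is stored, so a dump of this table yields no usable links, and the report id
# never appears in the URL, so there is nothing to enumerate.
@dataclass
class Share:
    report_id: int
    expires: float


SHARES: Dict[str, Share] = {}


def _token_key(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def create_share(requesting_user: str, report_id: int, ttl_seconds: int = 3600) -> str:
    """Authorization happens here, once, for an authenticated owner."""
    report = REPORTS.get(report_id)
    if report is None or report["owner"] != requesting_user:
        raise PermissionError("only the report owner may create a share link")
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, URL-safe
    SHARES[_token_key(token)] = Share(report_id, time.time() + ttl_seconds)
    return token


def revoke_share(token: str) -> bool:
    return SHARES.pop(_token_key(token), None) is not None


def render_report_hardened(token: str, now: Optional[float] = None) -> str:
    """The public endpoint: the token is the only input and is looked up, never
    interpreted. Unknown and expired tokens fail identically."""
    now = time.time() if now is None else now
    share = SHARES.get(_token_key(token))
    if share is None or now >= share.expires:
        raise PermissionError("invalid or expired share link")
    return REPORTS[share.report_id]["body"]
```

The point of the hardened version is not the randomness alone: the token is tied to exactly one object, the owner decides what gets shared, the link expires, and revocation is possible. A random token that still resolves to "any report the caller names" would reintroduce the same flaw.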
CVE-2022-1345 – Stored XSS via .svg file upload in causefx/organizr
https://notcve.org/view.php?id=CVE-2022-1345
13 Apr 2022 — This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. • https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-1346 – Multiple Stored XSS in causefx/organizr
https://notcve.org/view.php?id=CVE-2022-1346
13 Apr 2022 — This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. • https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-1344 – Stored XSS due to no sanitization in the filename in causefx/organizr
https://notcve.org/view.php?id=CVE-2022-1344
13 Apr 2022 — This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. • https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-22961
https://notcve.org/view.php?id=CVE-2022-22961
13 Apr 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. • https://www.vmware.com/security/advisories/VMSA-2022-0011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-1280 – kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources
https://notcve.org/view.php?id=CVE-2022-1280
13 Apr 2022 — This flaw allows a local attacker with user privileges to cause a denial of service (DoS) or a kernel information leak. • https://bugzilla.redhat.com/show_bug.cgi?id=2071022 • CWE-416: Use After Free •
CVE-2022-22559
https://notcve.org/view.php?id=CVE-2022-22559
12 Apr 2022 — An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure. • https://www.dell.com/support/kbdoc/000195815 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2021-39809
https://notcve.org/view.php?id=CVE-2021-39809
12 Apr 2022 — This could lead to remote information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/2022-04-01 • CWE-125: Out-of-bounds Read •
CVE-2021-39805
https://notcve.org/view.php?id=CVE-2021-39805
12 Apr 2022 — This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. • https://source.android.com/security/bulletin/2022-04-01 • CWE-125: Out-of-bounds Read •
CVE-2021-39803
https://notcve.org/view.php?id=CVE-2021-39803
12 Apr 2022 — This could lead to remote information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/2022-04-01 • CWE-416: Use After Free •