CVE-2022-28364 – Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2022-28364
08 Apr 2022 — Authentication is required. Reprise License Manager version 14.2 suffers from cross site scripting and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-28365 – Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2022-28365
08 Apr 2022 — Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. ... The disclosed information is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. Reprise License Manager version 14.2 suffers from cross site scripting and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html • CWE-425: Direct Request ('Forced Browsing') •
CVE-2022-27818
https://notcve.org/view.php?id=CVE-2022-27818
07 Apr 2022 — There can be an information leak or denial of service. • http://www.openwall.com/lists/oss-security/2022/04/14/1 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2022-27819
https://notcve.org/view.php?id=CVE-2022-27819
07 Apr 2022 — An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device). • http://www.openwall.com/lists/oss-security/2022/04/14/1 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-20782 – Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-20782
06 Apr 2022 — A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges to the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-info-exp-YXAWYP3s • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVE-2022-0806
https://notcve.org/view.php?id=CVE-2022-0806
05 Apr 2022 — Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page. • https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html • CWE-125: Out-of-bounds Read •
CVE-2022-27177
https://notcve.org/view.php?id=CVE-2022-27177
01 Apr 2022 — A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2. • https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2022-001.md • CWE-134: Use of Externally-Controlled Format String •
CVE-2022-23158
https://notcve.org/view.php?id=CVE-2022-23158
01 Apr 2022 — Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. • https://www.dell.com/support/kbdoc/000196005 • CWE-183: Permissive List of Allowed Inputs CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-23157
https://notcve.org/view.php?id=CVE-2022-23157
01 Apr 2022 — Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. • https://www.dell.com/support/kbdoc/000196005 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-39754
https://notcve.org/view.php?id=CVE-2021-39754
30 Mar 2022 — In ContextImpl, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/android-12l • CWE-203: Observable Discrepancy •