CVE-2021-22572 – Data-transfer-project information disclosure via tmp directory
https://notcve.org/view.php?id=CVE-2021-22572
29 Mar 2022 — On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is that File.createTempFile creates files in the system temporary directory with world-readable permissions. Any sensitive information written to these files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969 • https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-22c6-wcjm-qfjg • CWE-377: Insecure Temporary File CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2022-1077 – TEM FLEX-1080/FLEX-1085 Log information disclosure
https://notcve.org/view.php?id=CVE-2022-1077
29 Mar 2022 — A direct request leads to information disclosure of hardware information. • https://github.com/MrEmpy/CVE-2022-1077 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-425: Direct Request ('Forced Browsing') •
CVE-2022-0331
https://notcve.org/view.php?id=CVE-2022-0331
29 Mar 2022 — An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220328-sfos-18-5-3 •
CVE-2022-26280 – libarchive: an out-of-bounds read via the component zipx_lzma_alone_init
https://notcve.org/view.php?id=CVE-2022-26280
28 Mar 2022 — Still, they would most likely result in an application crash or information disclosure that could be used in conjunction with another exploit. • https://github.com/libarchive/libarchive/issues/1672 • CWE-125: Out-of-bounds Read •
CVE-2022-0735
https://notcve.org/view.php?id=CVE-2022-0735
28 Mar 2022 — An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json •
CVE-2022-0221 – Schneider Electric SCADAPack Workbench isasln File Parsing XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-0221
28 Mar 2022 — A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. • https://www.se.com/ww/en/download/document/SEVD-2022-087-01 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-0494 – kernel: information leak in scsi_ioctl()
https://notcve.org/view.php?id=CVE-2022-0494
25 Mar 2022 — A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=2039448 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVE-2021-3814 – 3scale: missing validation of access token
https://notcve.org/view.php?id=CVE-2021-3814
25 Mar 2022 — This conceivably bypasses access controls and permits unauthorized information disclosure. ... This issue possibly bypasses access controls and permits unauthorized information disclosure. • https://bugzilla.redhat.com/show_bug.cgi?id=2004322 • CWE-862: Missing Authorization •
CVE-2022-24782 – Secure category names leaked via user activity export in Discourse
https://notcve.org/view.php?id=CVE-2022-24782
24 Mar 2022 — Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. • https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-25571
https://notcve.org/view.php?id=CVE-2022-25571
24 Mar 2022 — ,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors. • https://www.yuque.com/docs/share/a3a6f248-364b-459a-b572-52e7584192ba •