CVE-2021-4180 – openstack-tripleo-heat-templates: data leak of internal URL through keystone_authtoken
https://notcve.org/view.php?id=CVE-2021-4180
23 Mar 2022 — An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1. • https://bugzilla.redhat.com/show_bug.cgi?id=2035793 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2022-0854 – kernel: swiotlb information leak with DMA_FROM_DEVICE
https://notcve.org/view.php?id=CVE-2022-0854
23 Mar 2022 — A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8&id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2022-24292 – HP LaserJet Pro MFP M283fdw CFF Font Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-24292
23 Mar 2022 — Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. • https://support.hp.com/us-en/document/ish_5950417-5950443-16 •
CVE-2022-24291 – HP LaserJet Pro MFP M283fdw ScanJobs Memory Corruption Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-24291
23 Mar 2022 — Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. • https://support.hp.com/us-en/document/ish_5950417-5950443-16 •
CVE-2022-24293 – HP LaserJet Pro MFP M283fdw eContactRestore Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-24293
23 Mar 2022 — Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. • https://support.hp.com/us-en/document/ish_5950417-5950443-16 •
CVE-2022-27645 – NETGEAR R6700v3 readycloud_control.cgi Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-27645
23 Mar 2022 — This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325 • CWE-306: Missing Authentication for Critical Function CWE-697: Incorrect Comparison •
CVE-2022-23123 – Netatalk getdirparams Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-23123
23 Mar 2022 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html • CWE-125: Out-of-bounds Read •
CVE-2022-23124 – Netatalk get_finderinfo Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-23124
23 Mar 2022 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html • CWE-125: Out-of-bounds Read •
CVE-2022-26148 – grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix
https://notcve.org/view.php?id=CVE-2022-26148
21 Mar 2022 — An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. • https://2k8.org/post-319.html • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2022-1004 – Information disclosure in the External Interface
https://notcve.org/view.php?id=CVE-2022-1004
21 Mar 2022 — Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled. • https://otrs.com/release-notes/otrs-security-advisory-2022-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •