CVE-2022-26267
https://notcve.org/view.php?id=CVE-2022-26267
18 Mar 2022 — Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. • https://github.com/JCCD/Vul/blob/main/Piwigo_12.2.0_InforMation_Disclosure.md • CWE-306: Missing Authentication for Critical Function •
CVE-2020-25180 – Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key
https://notcve.org/view.php?id=CVE-2020-25180
18 Mar 2022 — A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVE-2020-25184 – Rockwell Automation ISaGRAF5 Runtime Unprotected Storage of Credentials
https://notcve.org/view.php?id=CVE-2020-25184
18 Mar 2022 — A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVE-2021-22571 – Information Leak in SA360-webquery-bigquery through read on /tmp
https://notcve.org/view.php?id=CVE-2021-22571
18 Mar 2022 — A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above. • https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7fjx-657r-9r5h • CWE-275: Permission Issues CWE-276: Incorrect Default Permissions •
CVE-2022-24302 – python-paramiko: Race condition in the write_private_key_file function
https://notcve.org/view.php?id=CVE-2022-24302
17 Mar 2022 — In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. ... This flaw allows unauthorized information disclosure from an attacker with access to the write_private_key_file. • https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-39667
https://notcve.org/view.php?id=CVE-2021-39667
16 Mar 2022 — This could lead to remote information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/2022-03-01 • CWE-787: Out-of-bounds Write •
CVE-2021-39792
https://notcve.org/view.php?id=CVE-2021-39792
16 Mar 2022 — This could lead to local information disclosure with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2022-03-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-39730
https://notcve.org/view.php?id=CVE-2021-39730
16 Mar 2022 — This could lead to local information disclosure with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2022-03-01 • CWE-125: Out-of-bounds Read •
CVE-2021-39727
https://notcve.org/view.php?id=CVE-2021-39727
16 Mar 2022 — In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2022-03-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-39726
https://notcve.org/view.php?id=CVE-2021-39726
16 Mar 2022 — This could lead to remote information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2022-03-01 • CWE-125: Out-of-bounds Read •