ID CVSS Summary Last (major) update Published
CVE-2022-21690 None
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the
18-01-2022 - 23:15 18-01-2022 - 23:15
CVE-2022-21692 None
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another
18-01-2022 - 23:15 18-01-2022 - 23:15
CVE-2022-21694 None
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of OnionShare allows the use of a hardened CSP, which will block any scripts and extern
18-01-2022 - 23:15 18-01-2022 - 23:15
CVE-2022-21700 None
Micronaut is a JVM-based, full stack Java framework designed for building JVM web applications with support for Java, Kotlin and the Groovy language. In affected versions sending an invalid Content Type header leads to memory leak in DefaultArgumentC
18-01-2022 - 23:15 18-01-2022 - 23:15
CVE-2022-21689 None
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploa
18-01-2022 - 23:15 18-01-2022 - 22:15
CVE-2021-1093 4.9
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more se
18-01-2022 - 23:15 22-07-2021 - 05:15
CVE-2021-1094 3.6
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure.
18-01-2022 - 23:15 22-07-2021 - 05:15
CVE-2021-1095 2.1
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.
18-01-2022 - 23:15 22-07-2021 - 05:15
CVE-2021-1076 4.6
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.
18-01-2022 - 23:15 21-04-2021 - 23:15
CVE-2021-1056 3.6
NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to d
18-01-2022 - 23:15 08-01-2021 - 01:15
CVE-2022-21673 None
Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will for
18-01-2022 - 22:15 18-01-2022 - 22:15
CVE-2022-21691 None
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assum
18-01-2022 - 22:15 18-01-2022 - 22:15
CVE-2022-21693 None
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of
18-01-2022 - 22:15 18-01-2022 - 22:15
CVE-2022-21688 None
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an und
18-01-2022 - 22:15 18-01-2022 - 22:15
CVE-2022-21695 None
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without b
18-01-2022 - 22:15 18-01-2022 - 22:15
CVE-2022-23408 None
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in
18-01-2022 - 21:15 18-01-2022 - 21:15
CVE-2018-19052 5.0
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a
18-01-2022 - 21:15 07-11-2018 - 05:29
CVE-2020-25427 4.3
A Null pointer dereference vulnerability exists in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.
18-01-2022 - 20:55 10-01-2022 - 22:15
CVE-2021-35452 4.3
An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.
18-01-2022 - 20:46 10-01-2022 - 22:15
CVE-2022-20613 4.3
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
18-01-2022 - 20:42 12-01-2022 - 20:15
CVE-2022-23116 5.0
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
18-01-2022 - 20:40 12-01-2022 - 20:15
CVE-2021-44836 None
An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be
18-01-2022 - 20:34 18-01-2022 - 20:15
CVE-2021-44838 None
An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a POST request indicating the risk to access with the id parameter, it is possible for users to access risks of other companies.
18-01-2022 - 20:34 18-01-2022 - 20:15
CVE-2021-44839 None
An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/adm_utilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that wi
18-01-2022 - 20:34 18-01-2022 - 20:15
CVE-2022-21696 None
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an a
18-01-2022 - 20:34 18-01-2022 - 20:15
CVE-2021-45460 5.5
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executab
18-01-2022 - 20:29 11-01-2022 - 12:15
CVE-2022-21670 5.0
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workar
18-01-2022 - 20:18 10-01-2022 - 21:15
CVE-2021-43297 7.5
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol, during Hessian catch une
18-01-2022 - 20:10 10-01-2022 - 16:15
CVE-2022-21879 7.2
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21881.
18-01-2022 - 20:02 11-01-2022 - 21:15
CVE-2022-21881 7.2
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21879.
18-01-2022 - 20:02 11-01-2022 - 21:15
CVE-2021-44840 None
An issue was discovered in Delta RM 1.2. Using a privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and
18-01-2022 - 19:58 18-01-2022 - 19:15
CVE-2021-4080 6.5
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
18-01-2022 - 19:57 12-01-2022 - 14:15
CVE-2022-22821 2.1
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.
18-01-2022 - 19:52 10-01-2022 - 14:12
CVE-2022-23115 5.8
Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allow attackers with Overall/Read access to retrieve logs, build or delete a batch task.
18-01-2022 - 19:51 12-01-2022 - 20:15
CVE-2021-44717 5.8
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
18-01-2022 - 19:50 01-01-2022 - 05:15
CVE-2022-23114 2.1
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
18-01-2022 - 19:49 12-01-2022 - 20:15
CVE-2022-23112 4.0
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.
18-01-2022 - 19:48 12-01-2022 - 20:15
CVE-2022-23111 4.3
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
18-01-2022 - 19:46 12-01-2022 - 20:15
CVE-2022-23110 3.5
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
18-01-2022 - 19:44 12-01-2022 - 20:15
CVE-2022-23109 4.0
Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.
18-01-2022 - 19:43 12-01-2022 - 20:15
CVE-2022-21874 10.0
Windows Security Center API Remote Code Execution Vulnerability.
18-01-2022 - 19:43 11-01-2022 - 21:15
CVE-2022-23108 3.5
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permissio
18-01-2022 - 19:39 12-01-2022 - 20:15
CVE-2022-23107 5.5
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins con
18-01-2022 - 19:37 12-01-2022 - 20:15
CVE-2022-0224 7.5
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
18-01-2022 - 19:35 14-01-2022 - 18:15
CVE-2022-23106 5.0
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.
18-01-2022 - 19:34 12-01-2022 - 20:15
CVE-2022-21866 4.4
Windows System Launcher Elevation of Privilege Vulnerability.
18-01-2022 - 19:34 11-01-2022 - 21:15
CVE-2022-21878 9.3
Windows Geolocation Service Remote Code Execution Vulnerability.
18-01-2022 - 19:33 11-01-2022 - 21:15
CVE-2022-23105 2.9
Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.
18-01-2022 - 19:31 12-01-2022 - 20:15
CVE-2022-20621 2.1
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
18-01-2022 - 19:27 12-01-2022 - 20:15
CVE-2022-22284 2.1
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication
18-01-2022 - 19:27 10-01-2022 - 14:12