Skip to main content
CVE-2022-1055 HIGH POC PATCH This Week

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. Rated high severity (CVSS 8.6). Public exploit code available.

Privilege Escalation Memory Corruption Use After Free Linux Linux Kernel +11
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2022-1032 HIGH POC PATCH This Week

Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization Crater
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2022-22941 HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Salt
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-22936 HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-22934 HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-1050 HIGH PATCH This Week

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

VMware Memory Corruption Use After Free Information Disclosure Qemu
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-28150 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Job And Node Ownership
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-28136 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Jiratestresultreporter
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-28155 HIGH This Week

Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Pipeline
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-28154 HIGH This Week

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Coverage Complexity Scatter Plot
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-28140 HIGH PATCH This Week

Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Flaky Test Handler
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-21821 HIGH This Week

NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Cuda Toolkit
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2022-26839 HIGH This Week

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Diaenergie
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-0343 HIGH PATCH This Week

A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Perfetto
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25347 HIGH This Week

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Diaenergie
NVD
CVSS 3.1
7.5
EPSS
11.1%
CVE-2022-28142 HIGH PATCH This Week

Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Proxmox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-1077 HIGH This Week

A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flex 1085 Firmware Flex 1080 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-23937 HIGH This Week

In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Information Disclosure Vxworks
NVD
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy