| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability. |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. |
| Visual Studio Code Spoofing Vulnerability |
| Visual Studio Code WSL Extension Remote Code Execution Vulnerability |
| Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability |
| Microsoft PowerShell Spoofing Vulnerability |
| Microsoft BizTalk ESB Toolkit Spoofing Vulnerability |
| Visual Studio Code Remote Code Execution Vulnerability |
| Microsoft Defender for IoT Remote Code Execution Vulnerability |
| Microsoft Defender for IoT Information Disclosure Vulnerability |
| Windows Installer Elevation of Privilege Vulnerability |
| Windows Mobile Device Management Elevation of Privilege Vulnerability |
| ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability |
| Microsoft SharePoint Elevation of Privilege Vulnerability |
| Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8. |
| Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue. |
| A Denial of Service vulnerabilty exists in Trilium Notes 0.48.6 in the setupPage function |
| Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string. |
| The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. |
| WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95. |
