The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2022-36903 - A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
    Published: July 27, 2022; 11:15:09 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2022-36918 - Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins...
    Published: July 27, 2022; 11:15:12 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2022-31169 - Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38....
    Published: July 22, 2022; 12:15:14 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-36904 - Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on th...
    Published: July 27, 2022; 11:15:09 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2022-36905 - Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability explo...
    Published: July 27, 2022; 11:15:10 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2022-36906 - A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.
    Published: July 27, 2022; 11:15:10 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-31163 - TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to r...
    Published: July 22, 2022; 12:15:14 AM -0400

    V3.1: 8.1 HIGH

  • CVE-2022-36897 - A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jen...
    Published: July 27, 2022; 11:15:09 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2022-23000 - The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context inst...
    Published: July 25, 2022; 3:15:30 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-2164 - Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.
    Published: July 27, 2022; 9:15:17 PM -0400

    V3.1: 6.3 MEDIUM

  • CVE-2022-36896 - A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of...
    Published: July 27, 2022; 11:15:09 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-36907 - A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
    Published: July 27, 2022; 11:15:10 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-36895 - A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
    Published: July 27, 2022; 11:15:09 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2022-2162 - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.
    Published: July 27, 2022; 9:15:17 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-2161 - Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
    Published: July 27, 2022; 9:15:16 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-36908 - A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key f...
    Published: July 27, 2022; 11:15:10 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-36894 - An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-s...
    Published: July 27, 2022; 11:15:09 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-2160 - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a cr...
    Published: July 27, 2022; 9:15:16 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-34966 - OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home.
    Published: July 25, 2022; 3:15:43 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-36893 - Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether att...
    Published: July 27, 2022; 11:15:09 AM -0400

    V3.1: 4.3 MEDIUM