CVE-2022-21694

MEDIUM Year: 2022
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-732
View all →

Vulnerability Description

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure this CSP for individual pages and therefore the security enhancement cannot be used for websites using javascript or external resources like fonts or images.

Related Vulnerabilities

CVE-2011-2515

MEDIUM
CVSS:5.3(Medium)

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

CWE-7322011

CVE-2011-4912

MEDIUM
CVSS:5.3(Medium)

Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.

CWE-7322011

CVE-2016-11062

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.

CWE-7322016

CVE-2017-0423

MEDIUM
CVSS:5.3(Medium)

An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitati...

CWE-7322017

CVE-2017-15906

MEDIUM
CVSS:5.3(Medium)

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

CWE-7322017

CVE-2017-16754

MEDIUM
CVSS:5.3(Medium)

Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.

CWE-7322017