Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0132 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-11-25 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0131 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0130 | 1 Google | 2 Android, Chrome | 2023-11-25 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0129 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) | |||||
| CVE-2023-0128 | 1 Google | 2 Chrome, Chrome Os | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4440 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4439 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) | |||||
| CVE-2022-4438 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4437 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4436 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-44708 | 1 Microsoft | 2 Edge, Edge Chromium | 2023-11-25 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-44688 | 1 Microsoft | 1 Edge Chromium | 2023-11-25 | N/A | 4.3 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2022-41115 | 1 Microsoft | 1 Edge Chromium | 2023-11-25 | N/A | 6.6 MEDIUM |
| Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | |||||
| CVE-2022-4195 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) | |||||
| CVE-2022-4194 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4193 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4192 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) | |||||
| CVE-2022-4191 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) | |||||
| CVE-2022-4190 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4189 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
| CVE-2022-4188 | 1 Google | 2 Android, Chrome | 2023-11-25 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4187 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-11-25 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4186 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4185 | 2 Apple, Google | 2 Iphone Os, Chrome | 2023-11-25 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4184 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4183 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4182 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4181 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4180 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | |||||
| CVE-2022-4179 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | |||||
| CVE-2022-4178 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4177 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) | |||||
| CVE-2022-4176 | 1 Google | 3 Chrome, Chrome Os, Linux And Chrome Os | 2023-11-25 | N/A | 8.8 HIGH |
| Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High) | |||||
| CVE-2022-4175 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4174 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-41715 | 1 Golang | 1 Go | 2023-11-25 | N/A | 7.5 HIGH |
| Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. | |||||
| CVE-2022-2880 | 1 Golang | 1 Go | 2023-11-25 | N/A | 7.5 HIGH |
| Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. | |||||
| CVE-2022-2879 | 1 Golang | 1 Go | 2023-11-25 | N/A | 7.5 HIGH |
| Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. | |||||
| CVE-2022-3201 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Chrome and 1 more | 2023-11-25 | N/A | 5.4 MEDIUM |
| Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-2294 | 6 Apple, Fedoraproject, Google and 3 more | 12 Ipados, Iphone Os, Mac Os X and 9 more | 2023-11-25 | N/A | 8.8 HIGH |
| Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-26505 | 2 Debian, Readymedia Project | 2 Debian Linux, Readymedia | 2023-11-25 | 4.3 MEDIUM | 7.4 HIGH |
| A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. | |||||
| CVE-2022-41974 | 3 Debian, Fedoraproject, Opensvc | 3 Debian Linux, Fedora, Multipath-tools | 2023-11-25 | N/A | 7.8 HIGH |
| multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. | |||||
| CVE-2022-41973 | 3 Debian, Fedoraproject, Opensvc | 3 Debian Linux, Fedora, Multipath-tools | 2023-11-25 | N/A | 7.8 HIGH |
| multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. | |||||
| CVE-2021-45417 | 5 Advanced Intrusion Detection Environment Project, Canonical, Debian and 2 more | 7 Advanced Intrusion Detection Environment, Ubuntu Linux, Debian Linux and 4 more | 2023-11-25 | 7.2 HIGH | 7.8 HIGH |
| AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. | |||||
| CVE-2021-3466 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Libmicrohttpd, Enterprise Linux | 2023-11-25 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. | |||||
| CVE-2023-48029 | 1 Corebos | 1 Corebos | 2023-11-25 | N/A | 8.0 HIGH |
| Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer. | |||||
| CVE-2023-31273 | 1 Intel | 1 Data Center Manager | 2023-11-25 | N/A | 9.8 CRITICAL |
| Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-41700 | 1 Intel | 1 Nuc Pro Software Suite | 2023-11-25 | N/A | 7.8 HIGH |
| Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41689 | 1 Intel | 1 In-band Manageability | 2023-11-25 | N/A | 7.8 HIGH |
| Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-11447 | 1 Bell | 2 Home Hub 3000, Home Hub 3000 Firmware | 2023-11-25 | N/A | 4.3 MEDIUM |
| An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device. | |||||