Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3044 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
CVE-2022-3043 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2022-10-27 | N/A | 8.8 HIGH |
Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-2860 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 6.5 MEDIUM |
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. | |||||
CVE-2021-43788 | 1 Nodebb | 1 Nodebb | 2022-10-27 | 4.0 MEDIUM | 5.0 MEDIUM |
Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. | |||||
CVE-2021-45844 | 2 Debian, Freecadweb | 2 Debian Linux, Freecad | 2022-10-27 | 7.6 HIGH | 7.8 HIGH |
Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. | |||||
CVE-2021-45845 | 2 Debian, Freecadweb | 2 Debian Linux, Freecad | 2022-10-27 | 6.8 MEDIUM | 7.8 HIGH |
The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. | |||||
CVE-2022-3049 | 2 Fedoraproject, Google | 4 Fedora, Chrome, Chrome Os and 1 more | 2022-10-27 | N/A | 8.8 HIGH |
Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-24761 | 1 Bestwebsoft | 1 Error Log Viewer | 2022-10-27 | 4.3 MEDIUM | 6.5 MEDIUM |
The Error Log Viewer WordPress plugin before 1.1.2 does not perform a nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged-in admin delete arbitrary text files on the web server. | |||||
CVE-2022-2618 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 6.5 MEDIUM |
Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file. | |||||
CVE-2022-25486 | 1 Cuppacms | 1 Cuppacms | 2022-10-27 | 6.8 MEDIUM | 7.8 HIGH |
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. | |||||
CVE-2022-2617 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. | |||||
CVE-2022-2616 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. | |||||
CVE-2022-2615 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 6.5 MEDIUM |
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2022-2614 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-2624 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. | |||||
CVE-2022-2623 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
CVE-2022-2622 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2022-10-27 | N/A | 6.5 MEDIUM |
Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | |||||
CVE-2022-2620 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2022-10-27 | N/A | 8.8 HIGH |
Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
CVE-2022-2619 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 4.3 MEDIUM |
Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | |||||
CVE-2021-43786 | 1 Nodebb | 1 Nodebb | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
Nodebb is an open source Node.js based forum software. In affected versions, incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. |