Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36266 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2022-10-26 | N/A | 6.1 MEDIUM |
| In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will results in the injection of malicious scripts into the user settings page. | |||||
| CVE-2022-35922 | 2 Fedoraproject, Rust-websocket Project | 2 Fedora, Rust-websocket | 2022-10-26 | N/A | 7.5 HIGH |
| Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When `Vec::with_capacity` fails to allocate, the default Rust allocator will abort the current process, killing all threads. This affects only sync (non-Tokio) implementation. Async version also does not limit memory, but does not use `with_capacity`, so DoS can happen only when bytes for oversized dataframe or message actually got delivered by the attacker. The crashes are fixed in version 0.26.5 by imposing default dataframe size limits. Affected users are advised to update to this version. Users unable to upgrade are advised to filter websocket traffic externally or to only accept trusted traffic. | |||||
| CVE-2022-1866 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions. | |||||
| CVE-2022-1865 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. | |||||
| CVE-2022-1864 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. | |||||
| CVE-2022-1863 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. | |||||
| CVE-2022-1862 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page. | |||||
| CVE-2022-1861 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction. | |||||
| CVE-2022-1860 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions. | |||||
| CVE-2022-1859 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1858 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 6.5 MEDIUM |
| Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. | |||||
| CVE-2022-1857 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. | |||||
| CVE-2022-1856 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction. | |||||
| CVE-2022-1855 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1854 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1853 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 9.6 CRITICAL |
| Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2022-1641 | 1 Google | 2 Chrome, Chrome Os | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction. | |||||
| CVE-2022-1640 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1639 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1637 | 1 Google | 2 Android, Chrome | 2022-10-26 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||