Total
4367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2613 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2605 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 6.5 MEDIUM |
| Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2607 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2606 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2603 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2604 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2611 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2022-10-27 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2022-2610 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-2612 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 6.5 MEDIUM |
| Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2022-2609 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2608 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2008 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
| Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-40320 | 2 Fedoraproject, Libconfuse Project | 2 Fedora, Libconfuse | 2022-10-27 | N/A | 8.8 HIGH |
| cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. | |||||
| CVE-2019-17545 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Backports Sle and 3 more | 2022-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | |||||
| CVE-2022-31214 | 3 Debian, Fedoraproject, Firejail Project | 3 Debian Linux, Fedora, Firejail | 2022-10-27 | 7.2 HIGH | 7.8 HIGH |
| A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. | |||||
| CVE-2022-34912 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. | |||||
| CVE-2022-34911 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). | |||||
| CVE-2021-46829 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2022-10-27 | N/A | 7.8 HIGH |
| GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. | |||||
| CVE-2022-32323 | 2 Autotrace Project, Fedoraproject | 2 Autotrace, Fedora | 2022-10-27 | 6.8 MEDIUM | 7.3 HIGH |
| AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. | |||||
| CVE-2021-3406 | 2 Fedoraproject, Keylime | 2 Fedora, Keylime | 2022-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations. | |||||