Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3723 | 1 Google | 1 Chrome | 2022-12-08 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3661 | 1 Google | 1 Chrome | 2022-12-08 | N/A | 4.3 MEDIUM |
| Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) | |||||
| CVE-2022-3315 | 1 Google | 1 Chrome | 2022-12-08 | N/A | 8.8 HIGH |
| Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2022-3314 | 1 Google | 1 Chrome | 2022-12-08 | N/A | 6.5 MEDIUM |
| Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-3313 | 1 Google | 1 Chrome | 2022-12-08 | N/A | 6.5 MEDIUM |
| Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-3889 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-12-08 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3888 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-12-08 | N/A | 8.8 HIGH |
| Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3887 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-12-08 | N/A | 8.8 HIGH |
| Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3885 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-12-08 | N/A | 8.8 HIGH |
| Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2021-39077 | 1 Ibm | 1 Security Guardium | 2022-12-08 | N/A | 4.4 MEDIUM |
| IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. | |||||
| CVE-2022-3890 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-12-08 | N/A | 9.6 CRITICAL |
| Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3886 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-12-08 | N/A | 8.8 HIGH |
| Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3312 | 1 Google | 1 Chrome | 2022-12-08 | N/A | 4.6 MEDIUM |
| Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chromium security severity: Medium) | |||||
| CVE-2022-41622 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2022-12-08 | N/A | 8.8 HIGH |
| In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-37406 | 1 Ricoh | 2 Aficio Sp 4210n, Aficio Sp 4210n Firmware | 2022-12-08 | N/A | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | |||||
| CVE-2022-45026 | 1 Markdown Preview Enhanced Project | 1 Markdown Preview Enhanced | 2022-12-08 | N/A | 9.8 CRITICAL |
| An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process. | |||||
| CVE-2022-45025 | 1 Markdown Preview Enhanced Project | 1 Markdown Preview Enhanced | 2022-12-08 | N/A | 9.8 CRITICAL |
| Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function. | |||||
| CVE-2022-23472 | 1 Passeo Project | 1 Passeo | 2022-12-08 | N/A | 7.5 HIGH |
| Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python `random` library for random value selection. The python `random` library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator. As a result a motivated attacker may be able to guess generated passwords. This issue has been addressed in version 1.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-1968 | 3 Apple, Debian, Vim | 3 Macos, Debian Linux, Vim | 2022-12-08 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-1898 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2022-12-08 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 8.2. | |||||