Weekly Vulnerabilities Reports > July 25 to 31, 2022
Overview
85 new vulnerabilities were reported during this period, including 10 critical vulnerabilities and 45 high severity vulnerabilities. This weekly summary reports vulnerabilities in 89 products from 32 vendors including Google, Fedoraproject, Debian, Moodle, and Netapp. Vulnerabilities are notably categorized as "Use After Free", "Cross-site Scripting", "Exposure of Resource to Wrong Sphere", "Out-of-bounds Write", and "Improper Input Validation".
- 80 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 12 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 76 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 54 reported vulnerabilities.
- Fedoraproject has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
10 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-28 | CVE-2021-41556 | Squirrel Lang Fedoraproject | Out-of-bounds Read vulnerability in multiple products sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. | 10.0 |
2022-07-28 | CVE-2022-2564 | Mongoosejs | Unspecified vulnerability in Mongoosejs Mongoose Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6. | 9.8 |
2022-07-28 | CVE-2022-27612 | Synology | Classic Buffer Overflow vulnerability in Synology Audio Station Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors. | 9.8 |
2022-07-28 | CVE-2022-31627 | PHP | Out-of-bounds Write vulnerability in PHP In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption. | 9.8 |
2022-07-25 | CVE-2022-35649 | Moodle Fedoraproject | Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. | 9.8 |
2022-07-25 | CVE-2020-7677 | Thenify Project Debian | This affects the package thenify before 3.3.1. | 9.8 |
2022-07-25 | CVE-2022-36450 | Obsidian | Improper Input Validation vulnerability in Obsidian Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL. | 9.8 |
2022-07-25 | CVE-2022-36446 | Webmin | Improper Encoding or Escaping of Output vulnerability in Webmin software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. | 9.8 |
2022-07-27 | CVE-2022-1853 | | Use After Free vulnerability in Google Chrome Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2022-07-28 | CVE-2022-2010 | Google Fedoraproject | Out-of-bounds Read vulnerability in multiple products Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.3 |
45 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-28 | CVE-2022-2163 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. | 8.8 |
2022-07-28 | CVE-2022-2294 | Google Fedoraproject Webkitgtk Wpewebkit Apple Webrtc Project | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-28 | CVE-2022-2295 | Google Fedoraproject | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-28 | CVE-2022-2296 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. | 8.8 |
2022-07-28 | CVE-2022-1919 | | Use After Free vulnerability in Google Chrome Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-28 | CVE-2022-2007 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-28 | CVE-2022-2008 | Google Fedoraproject | Double Free vulnerability in multiple products Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-28 | CVE-2022-2011 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-28 | CVE-2022-2156 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-28 | CVE-2022-2157 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-28 | CVE-2022-2158 | Google Fedoraproject | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-28 | CVE-2022-2161 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-07-28 | CVE-2022-2415 | | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-27 | CVE-2022-1854 | | Use After Free vulnerability in Google Chrome Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-27 | CVE-2022-1855 | | Use After Free vulnerability in Google Chrome Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-27 | CVE-2022-1856 | | Use After Free vulnerability in Google Chrome Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction. | 8.8 |
2022-07-27 | CVE-2022-1857 | | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. | 8.8 |
2022-07-27 | CVE-2022-1859 | | Use After Free vulnerability in Google Chrome Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-27 | CVE-2022-1860 | | Use After Free vulnerability in Google Chrome Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions. | 8.8 |
2022-07-27 | CVE-2022-1861 | | Use After Free vulnerability in Google Chrome Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interaction. | 8.8 |
2022-07-27 | CVE-2022-1863 | | Use After Free vulnerability in Google Chrome Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. | 8.8 |
2022-07-27 | CVE-2022-1864 | | Use After Free vulnerability in Google Chrome Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. | 8.8 |
2022-07-27 | CVE-2022-1865 | | Use After Free vulnerability in Google Chrome Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. | 8.8 |
2022-07-27 | CVE-2022-1866 | | Use After Free vulnerability in Google Chrome Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions. | 8.8 |
2022-07-27 | CVE-2022-1870 | | Use After Free vulnerability in Google Chrome Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | 8.8 |
2022-07-27 | CVE-2022-1874 | | Incorrect Authorization vulnerability in Google Chrome Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page. | 8.8 |
2022-07-27 | CVE-2022-1876 | | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-26 | CVE-2022-1496 | | Use After Free vulnerability in Google Chrome Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. | 8.8 |
2022-07-26 | CVE-2022-1633 | | Use After Free vulnerability in Google Chrome Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. | 8.8 |
2022-07-26 | CVE-2022-1634 | | Use After Free vulnerability in Google Chrome Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions. | 8.8 |
2022-07-26 | CVE-2022-1635 | | Use After Free vulnerability in Google Chrome Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. | 8.8 |
2022-07-26 | CVE-2022-1636 | | Use After Free vulnerability in Google Chrome Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-26 | CVE-2022-1639 | | Use After Free vulnerability in Google Chrome Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-26 | CVE-2022-1640 | | Use After Free vulnerability in Google Chrome Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-26 | CVE-2022-1641 | | Use After Free vulnerability in Google Chrome Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction. | 8.8 |
2022-07-26 | CVE-2022-33745 | XEN Debian Fedoraproject | insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. | 8.8 |
2022-07-25 | CVE-2022-26307 | Libreoffice | Cleartext Storage of Sensitive Information vulnerability in Libreoffice LibreOffice supports the storage of passwords for web connections in the user’s configuration database. | 8.8 |
2022-07-28 | CVE-2022-30287 | Horde Debian | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. | 8.0 |
2022-07-26 | CVE-2022-29957 | Emerson | Missing Authentication for Critical Function vulnerability in Emerson Deltav Distributed Control System The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. | 7.8 |
2022-07-25 | CVE-2022-2522 | VIM | Heap-based Buffer Overflow vulnerability in VIM Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. | 7.8 |
2022-07-27 | CVE-2022-36946 | Linux Debian Netapp | nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. | 7.5 |
2022-07-25 | CVE-2022-34749 | Mistune Project Fedoraproject | In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. | 7.5 |
2022-07-25 | CVE-2022-24992 | QR Code Generator Project | Path Traversal vulnerability in QR Code Generator Project QR Code Generator A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal. | 7.5 |
2022-07-25 | CVE-2022-35650 | Moodle Fedoraproject | Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. | 7.5 |
2022-07-25 | CVE-2022-26306 | Libreoffice | Inadequate Encryption Strength vulnerability in Libreoffice LibreOffice supports the storage of passwords for web connections in the user’s configuration database. | 7.5 |
30 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-29 | CVE-2022-34526 | Libtiff Fedoraproject Netapp | Out-of-bounds Write vulnerability in multiple products A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. | 6.5 |
2022-07-28 | CVE-2022-2553 | Clusterlabs Debian Fedoraproject | Improper Authentication vulnerability in multiple products The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. | 6.5 |
2022-07-28 | CVE-2022-2160 | Google Fedoraproject | Exposure of Resource to Wrong Sphere vulnerability in multiple products Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. | 6.5 |
2022-07-27 | CVE-2021-46830 | Helpsystems | Path Traversal vulnerability in Helpsystems Goanywhere Managed File Transfer A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. | 6.5 |
2022-07-27 | CVE-2022-1858 | | Out-of-bounds Read vulnerability in Google Chrome Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. | 6.5 |
2022-07-27 | CVE-2022-1862 | | Unspecified vulnerability in Google Chrome Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page. | 6.5 |
2022-07-27 | CVE-2022-1867 | | Improper Input Validation vulnerability in Google Chrome Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. | 6.5 |
2022-07-27 | CVE-2022-1868 | | Unspecified vulnerability in Google Chrome Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. | 6.5 |
2022-07-27 | CVE-2022-1869 | | Type Confusion vulnerability in Google Chrome Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
2022-07-27 | CVE-2022-1873 | | Exposure of Resource to Wrong Sphere vulnerability in Google Chrome Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2022-07-26 | CVE-2022-1497 | | Origin Validation Error vulnerability in Google Chrome Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page. | 6.5 |
2022-07-26 | CVE-2022-1500 | | Improper Input Validation vulnerability in Google Chrome Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 6.5 |
2022-07-26 | CVE-2022-1501 | | Exposure of Resource to Wrong Sphere vulnerability in Google Chrome Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2022-07-26 | CVE-2022-1499 | | Incorrect Authorization vulnerability in Google Chrome Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 6.3 |
2022-07-28 | CVE-2016-3709 | Xmlsoft | Cross-site Scripting vulnerability in Xmlsoft Libxml2 Possible cross-site scripting vulnerability in libxml after commit 960f0e2. | 6.1 |
2022-07-25 | CVE-2022-35651 | Moodle Redhat Fedoraproject | Cross-site Scripting vulnerability in multiple products A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. | 6.1 |
2022-07-25 | CVE-2022-35652 | Moodle Fedoraproject | Open Redirect vulnerability in multiple products An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. | 6.1 |
2022-07-25 | CVE-2022-35653 | Moodle Fedoraproject Redhat | Cross-site Scripting vulnerability in multiple products A reflected XSS issue was identified in the LTI module of Moodle. | 6.1 |
2022-07-27 | CVE-2022-36879 | Linux Debian Netapp | An issue was discovered in the Linux kernel through 5.18.14. | 5.5 |
2022-07-26 | CVE-2022-29965 | Emerson | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Emerson products The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. | 5.5 |
2022-07-28 | CVE-2022-34140 | Feehi | Cross-site Scripting vulnerability in Feehi CMS 2.1.1 A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field. | 5.4 |
2022-07-25 | CVE-2022-0594 | Shareaholic | Incorrect Authorization vulnerability in Shareaholic The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. | 5.3 |
2022-07-28 | CVE-2022-35882 | Gsplugins | Cross-site Scripting vulnerability in Gsplugins GS Testimonial Slider Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress. | 4.8 |
2022-07-27 | CVE-2022-1871 | | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page. | 4.3 |
2022-07-27 | CVE-2022-1872 | | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. | 4.3 |
2022-07-27 | CVE-2022-1875 | | Exposure of Resource to Wrong Sphere vulnerability in Google Chrome Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 |
2022-07-27 | CVE-2022-36880 | Webmin | Cross-site Scripting vulnerability in Webmin Usermin The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. | 4.3 |
2022-07-26 | CVE-2022-1495 | | Authentication Bypass by Spoofing vulnerability in Google Chrome Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. | 4.3 |
2022-07-26 | CVE-2022-1498 | | Exposure of Resource to Wrong Sphere vulnerability in Google Chrome Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 |
2022-07-26 | CVE-2022-1637 | | Exposure of Resource to Wrong Sphere vulnerability in Google Chrome Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|