Search Results (34218 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-4915 1 Google 1 Chrome 2025-02-13 6.5 Medium
Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4913 1 Google 1 Chrome 2025-02-13 6.5 Medium
Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High)
CVE-2022-4910 1 Google 1 Chrome 2025-02-13 5.4 Medium
Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4909 1 Google 1 Chrome 2025-02-13 6.3 Medium
Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low)
CVE-2022-4908 1 Google 1 Chrome 2025-02-13 4.3 Medium
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4907 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 8.8 High
Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4906 1 Google 1 Chrome 2025-02-13 8.8 High
Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2022-46725 2 Apple, Redhat 4 Ipados, Iphone Os, Enterprise Linux and 1 more 2025-02-13 4.3 Medium
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.
CVE-2022-44611 1 Intel 596 Atom X6200fe, Atom X6200fe Firmware, Atom X6211e and 593 more 2025-02-13 6.9 Medium
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.
CVE-2022-42331 2 Fedoraproject, Xen 2 Fedora, Xen 2025-02-13 5.5 Medium
x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks.
CVE-2022-39399 5 Azul, Fedoraproject, Netapp and 2 more 19 Zulu, Fedora, 7-mode Transition Tool and 16 more 2025-02-13 3.7 Low
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2022-38102 1 Intel 98 Atom X6200fe, Atom X6211e, Atom X6212re and 95 more 2025-02-13 7.2 High
Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-38076 4 Debian, Fedoraproject, Intel and 1 more 16 Debian Linux, Fedora, Dual Band Wireless-ac 3165 and 13 more 2025-02-13 3.8 Low
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-36392 2 Intel, Intel And Intel Standard Manageability In Intel Csme 135 B150, B250, B360 and 132 more 2025-02-13 8.6 High
Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2022-36351 4 Debian, Fedoraproject, Intel and 1 more 16 Debian Linux, Fedora, Killer and 13 more 2025-02-13 4.3 Medium
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2022-33894 1 Intel 546 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 543 more 2025-02-13 7.5 High
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-29871 2 Intel, Intel Csme Software Installer 432 Atom X5-e3930, Atom X5-e3940, Atom X6200fe and 429 more 2025-02-13 6.7 Medium
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-28735 2 Gnu, Redhat 4 Grub2, Enterprise Linux, Rhel E4s and 1 more 2025-02-13 6.7 Medium
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
CVE-2022-23824 3 Amd, Fedoraproject, Xen 336 A10-9600p, A10-9600p Firmware, A10-9630p and 333 more 2025-02-13 5.5 Medium
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
CVE-2022-21628 5 Azul, Fedoraproject, Netapp and 2 more 20 Zulu, Fedora, 7-mode Transition Tool and 17 more 2025-02-13 5.3 Medium
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).