CVE-2022-3443

CVE-2022-3443 concerns Google Chrome up to version 106.0.5249.62 (inclusive). The vulnerability arises from insufficient data validation in the File System API, enabling a remote attacker to bypass file-system restrictions via a crafted HTML page. The NVD entry notes a Chromium-based severity of ...

CVE-2022-3661

Google Chrome/Chromium vulnerability CVE-2022-3661 arises from insufficient data validation in Extensions, allowing a remote attacker who already compromised the renderer to leak cross-origin data via a crafted extension. Affected versions are Chrome/Chromium prior to 107.0.5304.62; the issue is ...

CVE-2022-3444

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. Chromium security severity: Low...

CVE-2022-3656

CVE-2022-3656 affects Google Chrome/Chromium’s File System API, with Insufficient data validation that allowed bypassing file-system restrictions via a crafted HTML page. Affected: Chrome/Chromium prior to 107.0.5304.62; impact per NVD: high (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; base 8....

CVE-2022-3443

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. Chromium security severity: Low...

CVE-2022-3661

Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. Chromium security severity: Low...

CVE-2022-3656

Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2022-3444

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. Chromium security severity: Low...

The vulnerability in Google Chrome’s developer tools for web developers allows a hacker to execute arbitrary code.

The vulnerability of Google Chrome’s developer tools relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page from a remote location...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10177-1 Rating: important References: 1204732 1204819 Cross-References: CVE-2022-3652 CVE-2022-3653 CVE-2022-3654 CVE-2022-3655 CVE-2022-3656 CVE-2022-3657 CVE-2022-3658 CVE-2022-3659 CVE-2022-3660...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10180-1 Rating: important References: 1204732 1204819 Cross-References: CVE-2022-3652 CVE-2022-3653 CVE-2022-3654 CVE-2022-3655 CVE-2022-3656 CVE-2022-3657 CVE-2022-3658 CVE-2022-3659 CVE-2022-3660...

Oracle data feed is insufficiently validated

Lines of code Vulnerability details Impact Oracle contract has 2 functions - viewPrice & getPrice - to get the price through the Chainlink price feed. However, the received data is not validated/checked for freshness and round completeness. This might cause the price to be stale and it can lead t...

Google Chrome Security Update (stable-channel-update-for-desktop_25-2022-10) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVE-2022-3379

Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer...

CVE-2022-3377

Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory...

CVE-2022-3378

Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory...

CVE-2022-3379

Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer...

Chromium: CVE-2022-3661 Insufficient data validation in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2022-3656 Insufficient data validation in File System

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Arbitrary Code Execution

badaso/core is vulnerable to arbitrary code executions. The vulnerability is due to the application not properly validating the data uploaded by users which allows an attacker to perform arbitrary code execution...