CVE-2022-2610

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2022-2610

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2022-2610

CVE-2022-2610 : Concrete details across connected docs show a Chrome/Chromium vulnerability in Background Fetch due to insufficient policy enforcement, allowing a remote attacker to leak cross-origin data via a crafted HTML page. Affected software is Google Chrome (Chromium-based), with the root ...

CVE-2022-2610

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10086-1 Rating: important References: 1202075 Cross-References: CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612...

Information Disclosure

chrome is vulnerable to information disclosure. The vulnerability exists due to an Insufficient policy enforcement in Background Fetch allowing an attacker to leak cross-origin data via a crafted HTML page...

Microsoft Edge (Chromium) < 104.0.1293.47 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 104.0.1293.47. It is, therefore, affected by multiple vulnerabilities as referenced in the August 5, 2022 advisory. - Use after free in Omnibox. CVE-2022-2603 - Use after free in Safe Browsing. CVE-2022-2604 - Out of...

Updated chromium-browser-stable packages fix security vulnerability

1325699 High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16 1335316 High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang@eternalsakura13 and Guang Gong of 360 Alpha Lab on 2022-06-10 1338470 High CVE-2022-2605: Out of bounds read in Dawn. Report...

Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2022-21186

The package @acrontum/filesystem-template before 0.0.2 are vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input...

Malicious Package

Overview gaarf-fetch-cf is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...

PT-2022-22463 · Percona · Percona Server For Mysql

Name of the Vulnerable Software and Affected Versions: Percona Server for MySQL version 8.0.28-19 Description: An issue in the fetch step function allows attackers to cause a Denial of Service DoS via a SQL query. Recommendations: For Percona Server for MySQL version 8.0.28-19, consider disabling...

FreeBSD : chromium -- multiple vulnerabilities (96a41723-133a-11ed-be3b-3065ec8fd3ec)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 96a41723-133a-11ed-be3b-3065ec8fd3ec advisory. - Use after free in Omnibox. CVE-2022-2603 - Use after free in Safe Browsing. CVE-2022-2604 -...

Percona Server for MySQL SQL注入漏洞

Percona Server for MySQL is an open source relational database management system. A security vulnerability exists in Percona Server for MySQL version v8.0.28-19, which originates from its fetchstep function that allows attackers to cause a denial of service via a SQL query...

Regular Expression Denial Of Service (ReDoS)

Node-fetch is vulnerable to denial of service. The vulnerability lies in the referrer field in the fetch function, leading to inefficient Regular Expression Complexity. If an attacker is able to use a large character string in the referrer field, the program will either hang or crash...

CVE-2022-2596

A flaw was found in the node-fetch package. Affected 3.x versions of the node-fetch package are vulnerable to denial of service attacks, affecting system availability...

QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...

GHSA-VP56-6G26-6827 node-fetch Inefficient Regular Expression Complexity

node-fetch is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the isOriginPotentiallyTrustworthy function in referrer.js, when processing a URL string with alternating letters and periods,...

node-fetch Inefficient Regular Expression Complexity

node-fetch is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the isOriginPotentiallyTrustworthy function in referrer.js, when processing a URL string with alternating letters and periods,...

4i18n-cli (>=0.0.2 <=0.0.7), @about7sharks/get-articles (>=0.0.1 <=0.0.22) +114 more potentially affected by CVE-2022-2596 via node-fetch (>=3.0.0 <=3.2.1)

node-fetch NPM version =3.0.0, =0.0.2, =0.0.1, =1.1.0, =1.273.2, =1.0.0, =7.0.0, =2.14.0, =0.9.0, =0.10.1, =0.5.1, =0.7.0 and more Source cves: CVE-2022-2596 Source advisory: OSV:GHSA-VP56-6G26-6827...