CVE-2022-20394

In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...

PT-2022-14620 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L Description: The issue is related to a missing permission check in the getInputMethodWindowVisibleHeight function of InputMethodManagerService.java. This could allow an app to determine when...

Microsoft IME Japanese Privilege Escalation Vulnerability

Microsoft Input Method Editor IME Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default with the default set as disabled. IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE IME for Japanese is installed which allows...

NewStart CGSL MAIN 6.02 : xorg-x11-server Multiple Vulnerabilities (NS-SA-2022-0049)

The remote NewStart CGSL host, running version MAIN 6.02, has xorg-x11-server packages installed that are affected by multiple vulnerabilities: - An integer overflow leading to a heap-buffer overflow was found in The X Input Method XIM client was implemented in libX11 before version 1.6.10. As pe...

April 25, 2022—KB5012637 (OS Build 20348.681) Preview

April 25, 2022—KB5012637 OS Build 20348.681 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find ou...

CVE-2021-39748

In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2022-0300

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...

Design/Logic Flaw

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-0300

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-0300

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...

AlmaLinux 8 : ibus and glib2 (ALSA-2020:1880)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:1880 advisory. - A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to...

Updated chromium-browser-stable packages fix security vulnerability

CVE-2022-0096: Use after free in Storage. CVE-2022-0097: Inappropriate implementation in DevTools. CVE-2022-0098: Use after free in Screen Capture. CVE-2022-0099: Use after free in Sign-in. CVE-2022-0100: Heap buffer overflow in Media streams API. CVE-2022-0101: Heap buffer overflow in Bookmarks...

KLA12435 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in Task Manager can be exploited to execute arbitrary code or caus...

January 25, 2022—KB5009596 (OS Builds 19042.1503, 19043.1503, and 19044.1503) Preview

January 25, 2022—KB5009596 OS Builds 19042.1503, 19043.1503, and 19044.1503 Preview 01/11/22 REMINDER Windows 10, version 2004 reached end of servicing on December 14, 2021. To continue receiving security and quality updates, Microsoft recommends that you update to the latest version of Windows...

Use After Free

Chrome is vulnerable to use after free. The vulnerability exists due to a lack of sanitization in Text Input Method...

Chromium: CVE-2022-0300 Use after free in Text Input Method Editor

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

KLA12429 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Implementation vulnerability in Service Worker API can be exploited to cause denial of servic...

Stable Channel Update for Desktop

The Stable channel has been updated to 97.0.4692.99 for Windows, Mac and Linux which will roll out over the coming days/weeks. Extended stable channel has also been updated to 96.0.4664.110 for Windows and Mac which will roll out over the coming days/weeks A full list of changes in this build is...

November 22, 2021—KB5007262 (OS Build 22000.348) Preview

November 22, 2021—KB5007262 OS Build 22000.348 Preview 11/9/21 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a preview release known as a “C” release for the month of December 2021. There will be a monthly security release known as a...

ibus bug fix update

An update is available for ibus. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Intelligent Input Bus IBus is an input method framework for multilingual inp...