The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-2622 | Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | -- | Aug 4, 2022 | n/a |
CVE-2022-2621 | Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. | -- | Aug 4, 2022 | n/a |
CVE-2022-2620 | Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | -- | Aug 4, 2022 | n/a |
CVE-2022-2619 | Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | -- | Aug 4, 2022 | n/a |
CVE-2022-2618 | Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file. | -- | Aug 4, 2022 | n/a |
CVE-2022-2617 | Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. | -- | Aug 4, 2022 | n/a |
CVE-2022-2616 | Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. | -- | Aug 4, 2022 | n/a |
CVE-2022-2615 | Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | -- | Aug 4, 2022 | n/a |
CVE-2022-2614 | Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | -- | Aug 4, 2022 | n/a |
CVE-2022-2613 | Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | -- | Aug 4, 2022 | n/a |
CVE-2022-2612 | Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. | -- | Aug 4, 2022 | n/a |
CVE-2022-2611 | Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | -- | Aug 4, 2022 | n/a |
CVE-2022-2610 | Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | -- | Aug 4, 2022 | n/a |
CVE-2022-2609 | Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | -- | Aug 4, 2022 | n/a |
CVE-2022-2608 | Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | -- | Aug 4, 2022 | n/a |
CVE-2022-2607 | Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | -- | Aug 4, 2022 | n/a |
CVE-2022-2606 | Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. | -- | Aug 4, 2022 | n/a |
CVE-2022-2605 | Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | -- | Aug 4, 2022 | n/a |
CVE-2022-2604 | Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | -- | Aug 4, 2022 | n/a |
CVE-2022-2603 | Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | -- | Aug 4, 2022 | n/a |
CVE-2022-2598 | Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. | -- | Aug 5, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2596 | Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. | -- | Aug 5, 2022 | n/a |
CVE-2022-2595 | Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. | -- | Aug 5, 2022 | n/a |
CVE-2022-2591 | A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | -- | Aug 5, 2022 | n/a |
CVE-2022-2589 | Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3. | -- | Aug 4, 2022 | n/a |
CVE-2022-2581 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. | -- | Aug 4, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2580 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. | -- | Aug 4, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2571 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. | -- | Aug 4, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2539 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, which allowed a project member to filter issues by contact and organization. | -- | Aug 6, 2022 | n/a |
CVE-2022-2534 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration. | -- | Aug 6, 2022 | n/a |
CVE-2022-2531 | An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability. | -- | Aug 6, 2022 | n/a |
CVE-2022-2512 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing former project members to read updates via TODOs. | -- | Aug 6, 2022 | n/a |
CVE-2022-2509 | A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function. | -- | Aug 5, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
CVE-2022-2501 | An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required. | -- | Aug 6, 2022 | n/a |
CVE-2022-2500 | A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side. | -- | Aug 6, 2022 | n/a |
CVE-2022-2499 | An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues. | -- | Aug 6, 2022 | n/a |
CVE-2022-2498 | An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author. | -- | Aug 6, 2022 | n/a |
CVE-2022-2497 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. | -- | Aug 6, 2022 | n/a |
CVE-2022-2459 | An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled. | -- | Aug 6, 2022 | n/a |
CVE-2022-2456 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request. | -- | Aug 6, 2022 | n/a |
CVE-2022-2417 | Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project. | -- | Aug 6, 2022 | n/a |
CVE-2022-2370 | The YaySMTP WordPress plugin before 2.2.1 does not have a capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated user, such as a subscriber, to retrieve them. | -- | Aug 5, 2022 | n/a |
CVE-2022-2369 | The YaySMTP WordPress plugin before 2.2.1 does not have a capability check in an AJAX action, allowing any logged-in user, such as a subscriber, to view the Logs of the plugin. | -- | Aug 5, 2022 | n/a |
CVE-2022-2328 | The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | -- | Aug 5, 2022 | n/a |
CVE-2022-2326 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using another user's email address as an unverified secondary email. | -- | Aug 6, 2022 | n/a |
CVE-2022-2325 | The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | -- | Aug 5, 2022 | n/a |
CVE-2022-2317 | The Simple Membership WordPress plugin before 4.1.3 allows users to change their membership at the registration stage due to insufficient checking of a user-supplied parameter. | -- | Aug 5, 2022 | n/a |
CVE-2022-2307 | A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited. | -- | Aug 6, 2022 | n/a |
CVE-2022-2305 | The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | -- | Aug 5, 2022 | n/a |
CVE-2022-2303 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA. | -- | Aug 6, 2022 | n/a |