The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-3031 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user\'s password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account. | -- | Oct 19, 2022 | n/a |
CVE-2022-3032 | When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1. | -- | Dec 22, 2022 | n/a |
CVE-2022-3033 | If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv=refresh</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In combination with certain other HTML elements and attributes in the email, it was possible to execute JavaScript code included in the message in the context of the message compose document. The JavaScript code was able to perform actions including, but probably not limited to, read and modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email. The contents could then be transmitted to the network, either to the URL specified in the META refresh tag, or to a different URL, as the JavaScript code could modify the URL specified in the document. This bug doesn\'t affect users who have changed the default Message Body display setting to \'simple html\' or \'plain text\'. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1. | -- | Dec 22, 2022 | n/a |
CVE-2022-3034 | When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn\'t display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1. | -- | Dec 22, 2022 | n/a |
CVE-2022-3035 | Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11. | -- | Sep 1, 2022 | n/a |
CVE-2022-3036 | The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | -- | Sep 21, 2022 | n/a |
CVE-2022-3037 | Use After Free in GitHub repository vim/vim prior to 9.0.0322. | -- | Sep 1, 2022 | n/a |
CVE-2022-3038 | Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3039 | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3040 | Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3041 | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3042 | Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3043 | Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3044 | Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3045 | Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3046 | Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3047 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3048 | Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. | -- | Sep 5, 2022 | n/a |
CVE-2022-3049 | Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3050 | Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | -- | Sep 5, 2022 | n/a |
CVE-2022-3051 | Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | -- | Sep 5, 2022 | n/a |
CVE-2022-3052 | Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | -- | Sep 5, 2022 | n/a |
CVE-2022-3053 | Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3054 | Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3055 | Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3056 | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3057 | Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | -- | Sep 5, 2022 | n/a |
CVE-2022-3058 | Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. | -- | Sep 5, 2022 | n/a |
CVE-2022-3059 | The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database. | -- | Nov 3, 2022 | n/a |
CVE-2022-3060 | Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests | -- | Oct 19, 2022 | n/a |
CVE-2022-3061 | Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn\'t check the value of \'pixclock\', so it may cause a divide by zero error. | -- | Sep 1, 2022 | n/a |
CVE-2022-3062 | The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting | -- | Sep 27, 2022 | n/a |
CVE-2022-3063 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
CVE-2022-3064 | Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. | -- | Dec 28, 2022 | n/a |
CVE-2022-3065 | Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. | -- | Sep 3, 2022 | n/a |
CVE-2022-3066 | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project. | -- | Oct 19, 2022 | n/a |
CVE-2022-3067 | An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects\' content given the project\'s ID. | -- | Oct 19, 2022 | n/a |
CVE-2022-3068 | Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3. | -- | Sep 22, 2022 | n/a |
CVE-2022-3069 | The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | -- | Sep 27, 2022 | n/a |
CVE-2022-3070 | The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | -- | Sep 27, 2022 | n/a |
CVE-2022-3071 | Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. | -- | Sep 4, 2022 | n/a |
CVE-2022-3072 | Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. | -- | Sep 2, 2022 | n/a |
CVE-2022-3073 | Quanos SCHEMA ST4 example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is \'*-schema.js\'. | -- | Dec 16, 2022 | n/a |
CVE-2022-3074 | The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks. | -- | Sep 27, 2022 | n/a |
CVE-2022-3075 | Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | -- | Sep 4, 2022 | n/a |
CVE-2022-3076 | The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin\'s setting, which could be used by admins of multisite blog to upload PHP files for example. | -- | Sep 27, 2022 | n/a |
CVE-2022-3077 | A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system. | -- | Sep 9, 2022 | n/a |
CVE-2022-3078 | An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c. | -- | Sep 2, 2022 | n/a |
CVE-2022-3079 | Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service. | -- | Sep 21, 2022 | n/a |
CVE-2022-3080 | By sending specific queries to the resolver, an attacker can cause named to crash. | -- | Sep 25, 2022 | n/a |