Fedoraproject

Fedora

5335 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-2605

  • EPSS 0.44%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:20

Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2022-2606

  • EPSS 1%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:20

Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2022-2607

  • EPSS 1.05%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:20

Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8

CVE-2022-2608

  • EPSS 1.05%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:20

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8

CVE-2022-2609

  • EPSS 1.05%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:20

Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

6.5

CVE-2022-2610

  • EPSS 0.2%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:21

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3

CVE-2022-2611

  • EPSS 0.36%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:21

Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5

CVE-2022-2612

  • EPSS 0.39%
  • Veröffentlicht 12.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:21

Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

7.5

CVE-2022-38150

  • EPSS 0.71%
  • Veröffentlicht 11.08.2022 01:15:10
  • Zuletzt bearbeitet 20.10.2025 18:15:37

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This ...

5.5

CVE-2022-2719

  • EPSS 0.03%
  • Veröffentlicht 10.08.2022 20:15:36
  • Zuletzt bearbeitet 21.11.2024 07:01:34

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick versio...