Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-0196

Summary
Assigner-@huntrdev
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-13 Jan, 2022 | 00:50
Updated At-02 Aug, 2024 | 23:18
Rejected At-
Credits

Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntrdev
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:13 Jan, 2022 | 00:50
Updated At:02 Aug, 2024 | 23:18
Rejected At:
▼CVE Numbering Authority (CNA)
Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

Affected Products
Vendor
phoronix-test-suite
Product
phoronix-test-suite/phoronix-test-suite
Versions
Affected
  • From unspecified before 10.8 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.05.4MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Version: 3.0
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/phoronix-test-suite/phoronix-test-suite/commit/4f18296a1862fe54a4c58701a1f5ec6bd62a4d94
x_refsource_MISC
https://huntr.dev/bounties/3675eec7-bbce-4dfd-a2d3-d6862dce9ea6
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57V2CSFU5MKWKL6RJUKMXSD4PCRFTMMQ/
vendor-advisory
x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BU7E6OOZCXS3ZWHOQ2AR7MKM56IN2R6R/
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://github.com/phoronix-test-suite/phoronix-test-suite/commit/4f18296a1862fe54a4c58701a1f5ec6bd62a4d94
Resource:
x_refsource_MISC
Hyperlink: https://huntr.dev/bounties/3675eec7-bbce-4dfd-a2d3-d6862dce9ea6
Resource:
x_refsource_CONFIRM
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57V2CSFU5MKWKL6RJUKMXSD4PCRFTMMQ/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BU7E6OOZCXS3ZWHOQ2AR7MKM56IN2R6R/
Resource:
vendor-advisory
x_refsource_FEDORA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/phoronix-test-suite/phoronix-test-suite/commit/4f18296a1862fe54a4c58701a1f5ec6bd62a4d94
x_refsource_MISC
x_transferred
https://huntr.dev/bounties/3675eec7-bbce-4dfd-a2d3-d6862dce9ea6
x_refsource_CONFIRM
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57V2CSFU5MKWKL6RJUKMXSD4PCRFTMMQ/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BU7E6OOZCXS3ZWHOQ2AR7MKM56IN2R6R/
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://github.com/phoronix-test-suite/phoronix-test-suite/commit/4f18296a1862fe54a4c58701a1f5ec6bd62a4d94
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://huntr.dev/bounties/3675eec7-bbce-4dfd-a2d3-d6862dce9ea6
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57V2CSFU5MKWKL6RJUKMXSD4PCRFTMMQ/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BU7E6OOZCXS3ZWHOQ2AR7MKM56IN2R6R/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:13 Jan, 2022 | 01:15
Updated At:07 Nov, 2023 | 03:41

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.05.4MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
phoronix-media
phoronix-media
>>phoronix_test_suite>>Versions before 10.8.0(exclusive)
cpe:2.3:a:phoronix-media:phoronix_test_suite:*:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarysecurity@huntr.dev
CWE ID: CWE-352
Type: Primary
Source: security@huntr.dev
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/phoronix-test-suite/phoronix-test-suite/commit/4f18296a1862fe54a4c58701a1f5ec6bd62a4d94security@huntr.dev
Patch
Third Party Advisory
https://huntr.dev/bounties/3675eec7-bbce-4dfd-a2d3-d6862dce9ea6security@huntr.dev
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57V2CSFU5MKWKL6RJUKMXSD4PCRFTMMQ/security@huntr.dev
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BU7E6OOZCXS3ZWHOQ2AR7MKM56IN2R6R/security@huntr.dev
N/A
Hyperlink: https://github.com/phoronix-test-suite/phoronix-test-suite/commit/4f18296a1862fe54a4c58701a1f5ec6bd62a4d94
Source: security@huntr.dev
Resource:
Patch
Third Party Advisory
Hyperlink: https://huntr.dev/bounties/3675eec7-bbce-4dfd-a2d3-d6862dce9ea6
Source: security@huntr.dev
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57V2CSFU5MKWKL6RJUKMXSD4PCRFTMMQ/
Source: security@huntr.dev
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BU7E6OOZCXS3ZWHOQ2AR7MKM56IN2R6R/
Source: security@huntr.dev
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4951Records found
CVE-2009-2816
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.15% / 83.57%
||
7 Day CHG~0.00%
Published-13 Nov, 2009 | 15:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSEApple Inc.Fedora Project
Product-iphone_oschromeopensusesafarifedoran/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-0720
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.75%
||
7 Day CHG+0.01%
Published-21 Apr, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

Action-Not Available
Vendor-clusterlabsn/aRed Hat, Inc.Fedora Project
Product-enterprise_linuxpcsfedoran/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-25982
Matching Score-10
Assigner-Fedora Project
ShareView Details
Matching Score-10
Assigner-Fedora Project
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 47.55%
||
7 Day CHG~0.00%
Published-19 Feb, 2024 | 16:32
Updated-24 Apr, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Msa-24-0005: csrf risk in language import utility

The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.

Action-Not Available
Vendor-Fedora ProjectMoodle Pty Ltd
Product-moodlefedora
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5258
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.30%
||
7 Day CHG~0.00%
Published-22 Aug, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Fedora Project
Product-fedoraspring_socialn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1098
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.84%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 16:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.

Action-Not Available
Vendor-Red Hat, Inc.Fedora Project
Product-etcdfedoraetcd
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0010
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.29% / 52.38%
||
7 Day CHG~0.00%
Published-20 Jan, 2014 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.

Action-Not Available
Vendor-n/aMoodle Pty LtdFedora Project
Product-fedoramoodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-25600
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 33.23%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-07 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).

Action-Not Available
Vendor-wepluginsFlippercodeFedora Project
Product-fedorawp_mapsWP Google Map Plugin (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-21703
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-1.79% / 81.98%
||
7 Day CHG~0.00%
Published-08 Feb, 2022 | 20:40
Updated-23 Apr, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross Site Request Forgery in Grafana

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

Action-Not Available
Vendor-Fedora ProjectNetApp, Inc.Grafana Labs
Product-e-series_performance_analyzergrafanafedoragrafana
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0197
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.93%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 00:50
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-phoronix-mediaphoronix-test-suiteFedora Project
Product-phoronix_test_suitefedoraphoronix-test-suite/phoronix-test-suite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-43559
Matching Score-10
Assigner-Fedora Project
ShareView Details
Matching Score-10
Assigner-Fedora Project
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.15%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 16:00
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

Action-Not Available
Vendor-n/aMoodle Pty LtdFedora Project
Product-extra_packages_for_enterprise_linuxfedoramoodlemoodle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5607
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.68%
||
7 Day CHG~0.00%
Published-20 Sep, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery in the REST API in IPython 2 and 3.

Action-Not Available
Vendor-ipythonn/aFedora Project
Product-fedoraipythonn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-38276
Matching Score-10
Assigner-Fedora Project
ShareView Details
Matching Score-10
Assigner-Fedora Project
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.64%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 19:49
Updated-26 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
moodle: CSRF risks due to misuse of confirm_sesskey

Incorrect CSRF token checks resulted in multiple CSRF risks.

Action-Not Available
Vendor-Fedora ProjectMoodle Pty Ltd
Product-moodlefedoraMoodle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-38714
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.62%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 13:57
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.

Action-Not Available
Vendor-plib_projectn/aDebian GNU/LinuxFedora Project
Product-extra_packages_for_enterprise_linuxdebian_linuxfedoraplibn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-2137
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.56%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 03:40
Updated-13 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChromechrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-1521
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-0.75% / 72.11%
||
7 Day CHG~0.00%
Published-13 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationFedora ProjectDebian GNU/Linux
Product-fedorafirefoxgraphite2thunderbirddebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-2133
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.61% / 68.89%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 03:40
Updated-13 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChromechrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-2690
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.03% / 76.36%
||
7 Day CHG~0.00%
Published-17 Jul, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

Action-Not Available
Vendor-libpngn/aFedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxfedoradebian_linuxlibpngn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-38003
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-76.40% / 98.89%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 21:30
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxchromeChromeChromium V8
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-37998
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.19% / 77.99%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2023-2033
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-6.93% / 91.03%
||
7 Day CHG-1.94%
Published-14 Apr, 2023 | 18:10
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-05-08||Apply updates per vendor instructions.

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Couchbase, Inc.Google LLCFedora ProjectDebian GNU/Linux
Product-chromedebian_linuxfedoracouchbase_serverChromeChromium V8
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-2134
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.53%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 03:40
Updated-13 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChromechrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-37973
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-19.20% / 95.12%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:40
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLCFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxchromeChromeChromium Portals
CWE ID-CWE-416
Use After Free
CVE-2021-37975
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-56.10% / 98.01%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCFedora ProjectDebian GNU/Linux
Product-chromedebian_linuxfedoraChromeChromium V8
CWE ID-CWE-416
Use After Free
CVE-2023-1528
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.03%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 20:50
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-416
Use After Free
CVE-2010-0050
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-45.13% / 97.50%
||
7 Day CHG~0.00%
Published-12 Mar, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectopenSUSEApple Inc.
Product-ubuntu_linuxfedoraopensuseiphone_ossafarin/a
CWE ID-CWE-416
Use After Free
CVE-2023-1812
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.00% / 76.03%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 21:39
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChromechrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-1818
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.95%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 21:39
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChromechrome
CWE ID-CWE-416
Use After Free
CVE-2021-38011
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.89% / 74.61%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2010-4198
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.28% / 78.77%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.

Action-Not Available
Vendor-webkitgtkn/aFedora ProjectGoogle LLC
Product-fedorachromewebkitgtkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-1531
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.82% / 73.33%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 20:50
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-chromiumFedora ProjectGoogle LLC
Product-chromechromiumfedoraChromechrome
CWE ID-CWE-416
Use After Free
CVE-2023-1820
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.66% / 70.13%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 21:39
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChromechrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-4206
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.95% / 85.91%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.

Action-Not Available
Vendor-webkitgtkn/aFedora ProjectGoogle LLC
Product-fedorachromewebkitgtkn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-1810
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.97%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 21:39
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChromechrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-1530
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.03%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 20:50
Updated-05 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLCFedora Project
Product-chromefedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2018-5345
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.75% / 72.18%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 00:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxThe GNOME ProjectFedora ProjectRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusgcabenterprise_linux_server_ausenterprise_linux_workstationfedoraenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-1533
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.82%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 20:50
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-416
Use After Free
CVE-2023-1532
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.47% / 63.45%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 20:50
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-37997
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.99% / 75.92%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37978
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.29% / 84.06%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 20:25
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-1811
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.08%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 21:39
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChromechrome
CWE ID-CWE-416
Use After Free
CVE-2023-1815
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.55% / 66.98%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 21:39
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChromechrome
CWE ID-CWE-416
Use After Free
CVE-2010-1772
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-1.99% / 82.87%
||
7 Day CHG~0.00%
Published-24 Sep, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.

Action-Not Available
Vendor-n/aCanonical Ltd.Google LLCFedora ProjectRed Hat, Inc.openSUSE
Product-ubuntu_linuxenterprise_linuxopensusefedorachromen/a
CWE ID-CWE-416
Use After Free
CVE-2021-38017
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.32%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-863
Incorrect Authorization
CVE-2010-1773
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-1.78% / 81.94%
||
7 Day CHG~0.00%
Published-24 Sep, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.

Action-Not Available
Vendor-n/aCanonical Ltd.Google LLCFedora ProjectRed Hat, Inc.openSUSE
Product-ubuntu_linuxenterprise_linuxopensusefedorachromen/a
CWE ID-CWE-193
Off-by-one Error
CVE-2009-3231
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.96% / 89.25%
||
7 Day CHG~0.00%
Published-17 Sep, 2009 | 10:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Fedora ProjectopenSUSEThe PostgreSQL Global Development Group
Product-ubuntu_linuxlinux_enterprise_serveropensuselinux_enterprisepostgresqlfedoran/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-38008
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.98% / 82.84%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37962
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.11%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2024-2625
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.45%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 17:06
Updated-13 Mar, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechromefedora
CVE-2021-37961
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.64% / 69.53%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2018-3846
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-2.45% / 84.58%
||
7 Day CHG~0.00%
Published-16 Apr, 2018 | 15:00
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

Action-Not Available
Vendor-nasaFedora ProjectTalos (Cisco Systems, Inc.)
Product-cfitsiofedoraNASA CFITSIO
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 99
  • 100
  • Next
Details not found