Security Vulnerabilities - CVEs Published In July 2022
Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-07-25
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVSS Score
9.6
EPSS Score
0.001
Published
2022-07-25
Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-07-25
Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-07-25
The package grapesjs before 0.19.5 are vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-07-25
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
CVSS Score
8.0
EPSS Score
0.003
Published
2022-07-25
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-07-25
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.
CVSS Score
8.0
EPSS Score
0.003
Published
2022-07-25
This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js.
CVSS Score
9.4
EPSS Score
0.005
Published
2022-07-25
This affects all versions of package google-cloudstorage-commands.
CVSS Score
7.3
EPSS Score
0.004
Published
2022-07-25