Shodan
Vulnerabilities
Vulnerable Software
Fedoraproject:  >> Fedora  Security Vulnerabilities
CVE-2022-39261
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.
CVSS Score
7.5
EPSS Score
0.022
Published
2022-09-28
CVE-2022-3324
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-27
CVE-2022-3055
Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.008
Published
2022-09-26
CVE-2022-3056
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-09-26
CVE-2022-3057
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-09-26
CVE-2022-3058
Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
CVSS Score
8.8
EPSS Score
0.009
Published
2022-09-26
CVE-2022-3071
Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
CVSS Score
8.8
EPSS Score
0.011
Published
2022-09-26
CVE-2022-3075
Known exploited
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVSS Score
9.6
EPSS Score
0.03
Published
2022-09-26
CVE-2022-3195
Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.01
Published
2022-09-26
CVE-2022-3196
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.006
Published
2022-09-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved