CVSS: 7.5EPSS: 0%CPEs: 63EXPL: 0CVE-2022-45060 – varnish: Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. Se descubrió un problema de HTTP Request Forgery en Varnish Cache 5.x y 6.x anteriores a 6.0.11, 7.x anteriores a 7.1.2 y 7.2.x anteriores a 7.2.1. • https://docs.varnish-software.com/security/VSV00011 https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU https://varnish-cache.org/security/VSV00011.html htt • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2022-45062
https://notcve.org/view.php?id=CVE-2022-45062
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. En Xfce xfce4-settings anterior a 4.16.4 y 4.17.x anterior a 4.17.1, existe una vulnerabilidad de inyección de argumentos en xfce4-mime-helper. • https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7 https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110 https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390 https://gitlab.xfce.org/xfce/xfce4-settings/-/tags https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGTGTTPFHDUB3EZHVKDK4H32QUUYPPFF https://security.gentoo.org/glsa/202305-05 https://www.debian.org/security/2022/dsa-5296 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3885
https://notcve.org/view.php?id=CVE-2022-3885
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use-after-free en V8 en Google Chrome anterior a 107.0.5304.106 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: Alta) • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html https://crbug.com/1377816 https://www.debian.org/security/2022/dsa-5275 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3886
https://notcve.org/view.php?id=CVE-2022-3886
Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use-after-free en Speech Recognition en Google Chrome anterior a 107.0.5304.106 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: Alta) • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html https://crbug.com/1372999 https://www.debian.org/security/2022/dsa-5275 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3887
https://notcve.org/view.php?id=CVE-2022-3887
Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use-after-free en Web Workers en Google Chrome anterior a 107.0.5304.106 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: Alta) • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html https://crbug.com/1372695 https://www.debian.org/security/2022/dsa-5275 • CWE-416: Use After Free •