CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3311
https://notcve.org/view.php?id=CVE-2022-3311
Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html https://crbug.com/1302813 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3314
https://notcve.org/view.php?id=CVE-2022-3314
Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html https://crbug.com/1328708 • CWE-416: Use After Free •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3308
https://notcve.org/view.php?id=CVE-2022-3308
Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html https://crbug.com/1342722 •
CVSS: 9.6EPSS: 1%CPEs: 2EXPL: 0CVE-2022-3075 – Google Chromium Mojo Insufficient Data Validation Vulnerability
https://notcve.org/view.php?id=CVE-2022-3075
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. ... Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html https://crbug.com/1358134 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE https://security.gentoo.org/glsa/202209-23 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40635 – Improper Control of Dynamically-Managed Code Resources in Crafter Studio
https://notcve.org/view.php?id=CVE-2022-40635
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. Una vulnerabilidad de Control Inapropiado de los Recursos de Código Administrados Dinámicamente en Crafter Studio de Crafter CMS permite a desarrolladores autenticados ejecutar comandos del Sistema Operativo por medio de Groovy Sandbox Bypass • https://github.com/mbadanoiu/CVE-2022-40635 https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051602 • CWE-913: Improper Control of Dynamically-Managed Code Resources •