CVE List - 2022 / December
Showing 1701 - 1800 of 2356 CVEs for December 2022 (Page 18 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-29913 | 2022-12-22 | The parent process would not properly check whether the Speech... |
| CVE-2022-29914 | 2022-12-22 | When reusing existing popups Firefox would have allowed them to... |
| CVE-2022-29915 | 2022-12-22 | The Performance API did not properly hide the fact whether... |
| CVE-2022-29916 | 2022-12-22 | Firefox behaved slightly differently for already known resources when loading... |
| CVE-2022-29917 | 2022-12-22 | Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the... |
| CVE-2022-29918 | 2022-12-22 | Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing... |
| CVE-2022-3033 | 2022-12-22 | If a Thunderbird user replied to a crafted HTML email... |
| CVE-2022-3034 | 2022-12-22 | When receiving an HTML email that specified to load an... |
| CVE-2022-3155 | 2022-12-22 | When saving or opening an email attachment on macOS, Thunderbird... |
| CVE-2022-31736 | 2022-12-22 | A malicious website could have learned the size of a... |
| CVE-2022-31737 | 2022-12-22 | A malicious webpage could have caused an out-of-bounds write in... |
| CVE-2022-31738 | 2022-12-22 | When exiting fullscreen mode, an iframe could have confused the... |
| CVE-2022-31739 | 2022-12-22 | When downloading files on Windows, the % character was not... |
| CVE-2022-31740 | 2022-12-22 | On arm64, WASM code could have resulted in incorrect assembly... |
| CVE-2022-31741 | 2022-12-22 | A crafted CMS message could have been processed incorrectly, leading... |
| CVE-2022-31742 | 2022-12-22 | An attacker could have exploited a timing attack by sending... |
| CVE-2022-31743 | 2022-12-22 | Firefox's HTML parser did not correctly interpret HTML comment tags,... |
| CVE-2022-31744 | 2022-12-22 | An attacker could have injected CSS into stylesheets accessible via... |
| CVE-2022-31745 | 2022-12-22 | If array shift operations are not used, the Garbage Collector... |
| CVE-2022-31746 | 2022-12-22 | Internal URLs are protected by a secret UUID key, which... |
| CVE-2022-31747 | 2022-12-22 | Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla... |
| CVE-2022-31748 | 2022-12-22 | Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard,... |
| CVE-2022-3266 | 2022-12-22 | An out-of-bounds read can occur when decoding H264 video. This... |
| CVE-2022-34468 | 2022-12-22 | An iframe that was not permitted to run scripts could... |
| CVE-2022-34469 | 2022-12-22 | When a TLS Certificate error occurs on a domain protected... |
| CVE-2022-34470 | 2022-12-22 | Session history navigations may have led to a use-after-free and... |
| CVE-2022-34471 | 2022-12-22 | When downloading an update for an addon, the downloaded addon... |
| CVE-2022-34472 | 2022-12-22 | If there was a PAC URL set and the server... |
| CVE-2022-34473 | 2022-12-22 | The HTML Sanitizer should have sanitized the <code>href</code> attribute of... |
| CVE-2022-34474 | 2022-12-22 | Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it... |
| CVE-2022-34475 | 2022-12-22 | SVG <code><use></code> tags that referenced a same-origin document could have... |
| CVE-2022-34476 | 2022-12-22 | ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP... |
| CVE-2022-34477 | 2022-12-22 | The MediaError message property should be consistent to avoid leaking... |
| CVE-2022-34478 | 2022-12-22 | The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft... |
| CVE-2022-34479 | 2022-12-22 | A malicious website that could create a popup could have... |
| CVE-2022-34480 | 2022-12-22 | Within the <code>lg_init()</code> function, if several allocations succeed but then... |
| CVE-2022-34481 | 2022-12-22 | In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred... |
| CVE-2022-34482 | 2022-12-22 | An attacker who could have convinced a user to drag... |
| CVE-2022-34483 | 2022-12-22 | An attacker who could have convinced a user to drag... |
| CVE-2022-34484 | 2022-12-22 | The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird... |
| CVE-2022-34485 | 2022-12-22 | Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing... |
| CVE-2022-36314 | 2022-12-22 | When opening a Windows shortcut from the local filesystem, an... |
| CVE-2022-36315 | 2022-12-22 | When loading a script with Subresource Integrity, attackers with an... |
| CVE-2022-36316 | 2022-12-22 | When using the Performance API, an attacker was able to... |
| CVE-2022-36317 | 2022-12-22 | When visiting a website with an overly long URL, the... |
| CVE-2022-36318 | 2022-12-22 | When visiting directory listings for `chrome://` URLs as source text,... |
| CVE-2022-36319 | 2022-12-22 | When combining CSS properties for overflow and transform, the mouse... |
| CVE-2022-36320 | 2022-12-22 | Mozilla developers and the Mozilla Fuzzing Team reported memory safety... |
| CVE-2022-38472 | 2022-12-22 | An attacker could have abused XSLT error handling to associate... |
| CVE-2022-38473 | 2022-12-22 | A cross-origin iframe referencing an XSLT document would inherit the... |
| CVE-2022-38474 | 2022-12-22 | A website that had permission to access the microphone could... |
| CVE-2022-38475 | 2022-12-22 | An attacker could have written a value to the first... |
| CVE-2022-38476 | 2022-12-22 | A data race could occur in the <code>PK11_ChangePW</code> function, potentially... |
| CVE-2022-38477 | 2022-12-22 | Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported... |
| CVE-2022-38478 | 2022-12-22 | Members the Mozilla Fuzzing Team reported memory safety bugs present... |
| CVE-2022-40898 | 2022-12-22 | An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1... |
| CVE-2022-40899 | 2022-12-22 | An issue discovered in Python Charmers Future 0.18.2 and earlier... |
| CVE-2022-40956 | 2022-12-22 | When injecting an HTML base element, some requests would ignore... |
| CVE-2022-40957 | 2022-12-22 | Inconsistent data in instruction and data cache when creating wasm... |
| CVE-2022-40958 | 2022-12-22 | By injecting a cookie with certain special characters, an attacker... |
| CVE-2022-40959 | 2022-12-22 | During iframe navigation, certain pages did not have their FeaturePolicy... |
| CVE-2022-40960 | 2022-12-22 | Concurrent use of the URL parser with non-UTF-8 data was... |
| CVE-2022-40961 | 2022-12-22 | During startup, a graphics driver with an unexpected name could... |
| CVE-2022-40962 | 2022-12-22 | Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson,... |
| CVE-2022-42927 | 2022-12-22 | A same-origin policy violation could have allowed the theft of... |
| CVE-2022-42928 | 2022-12-22 | Certain types of allocations were missing annotations that, if the... |
| CVE-2022-42929 | 2022-12-22 | If a website called `window.print()` in a particular way, it... |
| CVE-2022-42930 | 2022-12-22 | If two Workers were simultaneously initializing their CacheStorage, a data... |
| CVE-2022-42931 | 2022-12-22 | Logins saved by Firefox should be managed by the Password... |
| CVE-2022-42932 | 2022-12-22 | Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported... |
| CVE-2022-43271 | 2022-12-22 | Inhabit Systems Pty Ltd Move CRM version 4, build 260... |
| CVE-2022-45403 | 2022-12-22 | Service Workers should not be able to infer information about... |
| CVE-2022-45404 | 2022-12-22 | Through a series of popup and <code>window.print()</code> calls, an attacker... |
| CVE-2022-45405 | 2022-12-22 | Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could... |
| CVE-2022-45406 | 2022-12-22 | If an out-of-memory condition occurred when creating a JavaScript global,... |
| CVE-2022-45407 | 2022-12-22 | If an attacker loaded a font using <code>FontFace()</code> on a... |
| CVE-2022-45408 | 2022-12-22 | Through a series of popups that reuse windowName, an attacker... |
| CVE-2022-45409 | 2022-12-22 | The garbage collector could have been aborted in several states... |
| CVE-2022-45410 | 2022-12-22 | When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin... |
| CVE-2022-45411 | 2022-12-22 | Cross-Site Tracing occurs when a server will echo a request... |
| CVE-2022-45412 | 2022-12-22 | When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message... |
| CVE-2022-45413 | 2022-12-22 | Using the <code>S.browser_fallback_url parameter</code> parameter, an attacker could redirect a... |
| CVE-2022-45414 | 2022-12-22 | If a Thunderbird user quoted from an HTML email, for... |
| CVE-2022-45415 | 2022-12-22 | When downloading an HTML file, if the title of the... |
| CVE-2022-45416 | 2022-12-22 | Keyboard events reference strings like "KeyA" that were at fixed,... |
| CVE-2022-45417 | 2022-12-22 | Service Workers did not detect Private Browsing Mode correctly in... |
| CVE-2022-45418 | 2022-12-22 | If a custom mouse cursor is specified in CSS, under... |
| CVE-2022-45419 | 2022-12-22 | If the user added a security exception for an invalid... |
| CVE-2022-45420 | 2022-12-22 | Use tables inside of an iframe, an attacker could have... |
| CVE-2022-45421 | 2022-12-22 | Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety... |
| CVE-2022-45966 | 2022-12-22 | here is an arbitrary file upload vulnerability in the file... |
| CVE-2022-46101 | 2022-12-22 | AyaCMS v3.1.2 was found to have a code flaw in... |
| CVE-2022-46102 | 2022-12-22 | AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php |
| CVE-2022-4644 | 2022-12-22 | Open Redirect in ikus060/rdiffweb |
| CVE-2022-4646 | 2022-12-22 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb |
| CVE-2022-4647 | 2022-12-22 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2022-46491 | 2022-12-22 | A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator... |
| CVE-2022-46493 | 2022-12-22 | Default version of nbnbk was discovered to contain an arbitrary... |
| CVE-2022-4662 | 2022-12-22 | A flaw incorrect access control in the Linux kernel USB... |
| CVE-2022-46871 | 2022-12-22 | An out of date library (libusrsctp) contained vulnerabilities that could... |