Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-1479: Chromium: CVE-2022-1479 Use after free in ANGLE

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

Microsoft Security Response Center
#vulnerability#web#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2022-1478: Chromium: CVE-2022-1478 Use after free in SwiftShader

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-1477: Chromium: CVE-2022-1477 Use after free in Vulkan

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-29147: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-29146: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a browser sandbox escape.

CVE-2022-24891: esapi-java-legacy/esapi4java-core-2.3.0.0-release-notes.txt at develop · ESAPI/esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.

CVE-2022-29417: ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings.

CVE-2022-28422: bug_report/SQLi-3.md at main · k0xx11/bug_report

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=edit.

CVE-2022-28420: bug_report/SQLi-1.md at main · k0xx11/bug_report

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=.

CVE-2022-28421: bug_report/SQLi-2.md at main · k0xx11/bug_report

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=posts&action=display&value=1&postid=.