CVE-2022-3661

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. (Chromium security severity: Low)

Related Vulnerabilities

CVE-2013-0342

MEDIUM
CVSS:4.3(Medium)

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than...

CWE-202013

CVE-2013-1811

MEDIUM
CVSS:4.3(Medium)

An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".

CWE-202013

CVE-2013-1930

MEDIUM
CVSS:4.3(Medium)

MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.

CWE-202013

CVE-2015-7789

MEDIUM
CVSS:4.3(Medium)

ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.

CWE-202015

CVE-2016-0005

MEDIUM
CVSS:4.3(Medium)

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability."

CWE-202016

CVE-2016-0211

MEDIUM
CVSS:4.3(Medium)

IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA messa...

CWE-202016