CVE-2022-1185
Published 2022-04-04
CVE-2022-1185: A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to…
Priority P4 · 32 · medium · CVSS 3.1: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.28% (66.4th percentile)
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 10.0.0 < 14.7.7 | 14.7.7 |
| gitlab | gitlab | >= 14.8.0 < 14.8.5 | 14.8.5 |
| gitlab | gitlab | >= 14.9.0 < 14.9.2 | 14.9.2 |
| gitlab | gitlab_ce | — | — |
| msrc | microsoft_edge | — | — |
CVSS provenance
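| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_msrc | — | 9.6 | CRITICAL | — |
| vendor_debian | — | 6.5 | MEDIUM | — |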
GHSA
GHSA-q757-g3qv-54vf: A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14
ghsa_unreviewed·2022-04-05
CVE-2022-1185 [MEDIUM] CWE-400 GHSA-q757-g3qv-54vf: A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file
OSV
CVE-2022-1185: A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14
osv·2022-04-04·CVSS 6.5
CVE-2022-1185 [MEDIUM] CVE-2022-1185: A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file
Microsoft
Chromium: CVE-2022-1313 Use after free in tab groups
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1313 [HIGH] Chromium: CVE-2022-1313 Use after free in tab groups
Chromium: CVE-2022-1313 Use after free in tab groups
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.127 |
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.88 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How
Microsoft
Chromium: CVE-2022-1127 Use after free in QR Code Generator
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1127 [HIGH] Chromium: CVE-2022-1127 Use after free in QR Code Generator
Chromium: CVE-2022-1127 Use after free in QR Code Generator
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browse
Microsoft
Chromium: CVE-2022-1129 Inappropriate implementation in Full Screen Mode
vendor_msrc·2022-04-12·CVSS 6.5
CVE-2022-1129 [MEDIUM] Chromium: CVE-2022-1129 Inappropriate implementation in Full Screen Mode
Chromium: CVE-2022-1129 Inappropriate implementation in Full Screen Mode
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version
Microsoft
Microsoft Edge (Chromium-based) Spoofing Vulnerability
vendor_msrc·2022-04-12·CVSS 4.3
CVE-2022-24523 [MEDIUM] Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Spoofing
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
Remediation: Release Notes
Reference: https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
Microsoft
Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing
vendor_msrc·2022-04-12·CVSS 6.5
CVE-2022-1146 [MEDIUM] Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing
Chromium: CVE-2022-1146 Inappropriate implementation in Resource Timing
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version o
Microsoft
Chromium: CVE-2022-1309 Insufficient policy enforcement in developer tools
vendor_msrc·2022-04-12·CVSS 9.6
CVE-2022-1309 [CRITICAL] Chromium: CVE-2022-1309 Insufficient policy enforcement in developer tools
Chromium: CVE-2022-1309 Insufficient policy enforcement in developer tools
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.127 |
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.88 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no l
Microsoft
Chromium: CVE-2022-1138 Inappropriate implementation in Web Cursor
vendor_msrc·2022-04-12·CVSS 6.5
CVE-2022-1138 [MEDIUM] Chromium: CVE-2022-1138 Inappropriate implementation in Web Cursor
Chromium: CVE-2022-1138 Inappropriate implementation in Web Cursor
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the
Microsoft
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
vendor_msrc·2022-04-12·CVSS 8.3
CVE-2022-26912 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
FAQ: Why is the severity for this CVE rated as Moderate, but the CVSS score is 8.3?
Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn't allow for this type of nuance.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
Micros
Microsoft
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
vendor_msrc·2022-04-12·CVSS 8.3
CVE-2022-26908 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
Microsoft
Chromium: CVE-2022-1308 Use after free in BFCache
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1308 [HIGH] Chromium: CVE-2022-1308 Use after free in BFCache
Chromium: CVE-2022-1308 Use after free in BFCache
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.127 |
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.88 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can
Microsoft
Chromium: CVE-2022-1310 Use after free in regular expressions
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1310 [HIGH] Chromium: CVE-2022-1310 Use after free in regular expressions
Chromium: CVE-2022-1310 Use after free in regular expressions
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.127 |
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.88 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnera
Microsoft
Chromium: CVE-2022-1143 Heap buffer overflow in WebUI
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1143 [HIGH] Chromium: CVE-2022-1143 Heap buffer overflow in WebUI
Chromium: CVE-2022-1143 Heap buffer overflow in WebUI
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In
Microsoft
Chromium: CVE-2022-1306 Inappropriate implementation in compositing
vendor_msrc·2022-04-12·CVSS 4.3
CVE-2022-1306 [MEDIUM] Chromium: CVE-2022-1306 Inappropriate implementation in compositing
Chromium: CVE-2022-1306 Inappropriate implementation in compositing
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.127 |
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.88 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer v
Microsoft
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
vendor_msrc·2022-04-12·CVSS 8.3
CVE-2022-26895 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
Microsoft
Chromium: CVE-2022-1307 Inappropriate implementation in full screen
vendor_msrc·2022-04-12·CVSS 4.3
CVE-2022-1307 [MEDIUM] Chromium: CVE-2022-1307 Inappropriate implementation in full screen
Chromium: CVE-2022-1307 Inappropriate implementation in full screen
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.127 |
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.88 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer v
Microsoft
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
vendor_msrc·2022-04-12·CVSS 8.3
CVE-2022-26894 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
Microsoft
Chromium: CVE-2022-1133 Use after free in WebRTC
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1133 [HIGH] Chromium: CVE-2022-1133 Use after free in WebRTC
Chromium: CVE-2022-1133 Use after free in WebRTC
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your
Microsoft
Chromium: CVE-2022-1312 Use after free in storage
vendor_msrc·2022-04-12·CVSS 9.6
CVE-2022-1312 [CRITICAL] Chromium: CVE-2022-1312 Use after free in storage
Chromium: CVE-2022-1312 Use after free in storage
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.127 |
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.88 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can
Microsoft
Chromium: CVE-2022-1137 Inappropriate implementation in Extensions
vendor_msrc·2022-04-12·CVSS 6.5
CVE-2022-1137 [MEDIUM] Chromium: CVE-2022-1137 Inappropriate implementation in Extensions
Chromium: CVE-2022-1137 Inappropriate implementation in Extensions
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the
Microsoft
Chromium: CVE-2022-1125 Use after free in Portals
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1125 [HIGH] Chromium: CVE-2022-1125 Use after free in Portals
Chromium: CVE-2022-1125 Use after free in Portals
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In you
Microsoft
Chromium: CVE-2022-1314 Type Confusion in V8
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1314 [HIGH] Chromium: CVE-2022-1314 Type Confusion in V8
Chromium: CVE-2022-1314 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.127 |
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.88 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I se
Microsoft
Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP
vendor_msrc·2022-04-12·CVSS 8.1
CVE-2022-1130 [HIGH] Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP
Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the vers
Microsoft
Chromium: CVE-2022-1145 Use after free in Extensions
vendor_msrc·2022-04-12·CVSS 7.5
CVE-2022-1145 [HIGH] Chromium: CVE-2022-1145 Use after free in Extensions
Chromium: CVE-2022-1145 Use after free in Extensions
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In
Microsoft
Chromium: CVE-2022-1364: Type Confusion in V8
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1364 [HIGH] Chromium: CVE-2022-1364: Type Confusion in V8
Chromium: CVE-2022-1364: Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Google is aware that an exploit for CVE-2022-1364 exists in the wild.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.127 |
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.88 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version o
Microsoft
Chromium: CVE-2022-1305 Use after free in storage
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1305 [HIGH] Chromium: CVE-2022-1305 Use after free in storage
Chromium: CVE-2022-1305 Use after free in storage
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.127 |
| 100.0.1185.44 | 4/15/2022 | 100.0.4896.88 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can
Microsoft
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
vendor_msrc·2022-04-12·CVSS 8.3
CVE-2022-26900 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
Microsoft
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
vendor_msrc·2022-04-12·CVSS 8.3
CVE-2022-24475 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
Microsoft
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
vendor_msrc·2022-04-12·CVSS 8.3
CVE-2022-26891 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
Microsoft
Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API
vendor_msrc·2022-04-12·CVSS 6.5
CVE-2022-1139 [MEDIUM] Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API
Chromium: CVE-2022-1139 Inappropriate implementation in Background Fetch API
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the vers
Microsoft
Chromium: CVE-2022-1134 Type Confusion in V8
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1134 [HIGH] Chromium: CVE-2022-1134 Type Confusion in V8
Chromium: CVE-2022-1134 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Mic
Microsoft
Chromium: CVE-2022-1135 Use after free in Shopping Cart
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1135 [HIGH] Chromium: CVE-2022-1135 Use after free in Shopping Cart
Chromium: CVE-2022-1135 Use after free in Shopping Cart
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
Microsoft
Chromium: CVE-2022-1128 Inappropriate implementation in Web Share API
vendor_msrc·2022-04-12·CVSS 6.5
CVE-2022-1128 [MEDIUM] Chromium: CVE-2022-1128 Inappropriate implementation in Web Share API
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of
Microsoft
Chromium: CVE-2022-1232 Type Confusion in V8
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1232 [HIGH] Chromium: CVE-2022-1232 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.36 | 4/7/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Mic
Microsoft
Chromium: CVE-2022-1131 Use after free in Cast UI
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1131 [HIGH] Chromium: CVE-2022-1131 Use after free in Cast UI
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In you
Microsoft
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
vendor_msrc·2022-04-12·CVSS 8.3
CVE-2022-26909 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
FAQ: Why is the severity for this CVE rated as Moderate, but the CVSS score is 8.3?
Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn't allow for this type of nuance.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
Micros
Microsoft
Chromium: CVE-2022-1136 Use after free in Tab Strip
vendor_msrc·2022-04-12·CVSS 8.8
CVE-2022-1136 [HIGH] Chromium: CVE-2022-1136 Use after free in Tab Strip
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 100.0.1185.29 | 4/1/2022 | 100.0.4896.60 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In y
GitLab
CVE-2022-1185: A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an at
vendor_gitlab·2022-04-04·CVSS 6.5
CVE-2022-1185 [MEDIUM] CWE-787 CVE-2022-1185: A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an at
CVE-2022-1185: A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file
Debian
CVE-2022-1185: gitlab - A denial of service vulnerability when rendering RDoc files in GitLab CE/EE vers...
vendor_debian·2022·CVSS 6.5
CVE-2022-1185 [MEDIUM] CVE-2022-1185: gitlab - A denial of service vulnerability when rendering RDoc files in GitLab CE/EE vers...
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1185.json
https://gitlab.com/gitlab-org/gitlab/-/issues/349148
https://hackerone.com/reports/1415071
Published: 2022-04-04