CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2020-15969 – chromium-browser: Use after free in WebRTC
https://notcve.org/view.php?id=CVE-2020-15969
13 Oct 2020 — Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en WebRTC en Google Chrome anterior a versión 86.0.4240.75, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada macOS Big Sur 11.1, Security Update 2020-001 Catalina, and Security Update 2020-007 Mojave address buffer overflow, bypass, code execution... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2013-0340 – Apple Security Advisory 2021-10-26-11
https://notcve.org/view.php?id=CVE-2013-0340
21 Jan 2014 — expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issu... • http://openwall.com/lists/oss-security/2013/02/22/3 • CWE-611: Improper Restriction of XML External Entity Reference •