CVE-2020-8228
https://notcve.org/view.php?id=CVE-2020-8228
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. Una falta de límite de velocidad en la aplicación Preferred Providers versión 1.7.0, permitió a un atacante ajustar la contraseña una cantidad de veces no controlada • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html https://hackerone.com/reports/922470 https://nextcloud.com/security/advisory/?id=NC-SA-2020-033 • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-840: Business Logic Errors •
CVE-2019-11556
https://notcve.org/view.php?id=CVE-2019-11556
Pagure before 5.6 allows XSS via the templates/blame.html blame view. Pagure versiones anteriores a 5.6, permite ataques de tipo XSS por medio de la vista dblame en el archivo templates/blame.html • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00007.html https://docs.pagure.org/pagure/changelog.html https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618 https://pagure.io/pagure/commits/master • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-6558
https://notcve.org/view.php?id=CVE-2020-6558
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Una aplicación insuficiente de la política en iOSWeb en Google Chrome en iOS versiones anteriores a 85.0.4183.83, permitía a un atacante remoto omitir restricciones de navegación por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html https://crbug.com/1109120 https://www.debian.org/security/2021/dsa-4824 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-15966 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-15966
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. Una aplicación insuficiente de la política en extensions en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa obtener información potencialmente confidencial por medio de una Chrome Extension diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00095.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html https://crbug.com/1113565 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZI •
CVE-2020-15964 – chromium-browser: Insufficient data validation in media
https://notcve.org/view.php?id=CVE-2020-15964
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una comprobación insuficiente de datos en media en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00095.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html https://crbug.com/1121414 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZI • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •