CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1CVE-2020-15962 – chromium-browser: Insufficient policy enforcement in serial
https://notcve.org/view.php?id=CVE-2020-15962
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Una comprobación insuficiente de la política en serial in Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante remoto llevar a cabo potencialmente un acceso a la memoria fuera de límites por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00095.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html https://crbug.com/1121836 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZI •
CVSS: 9.6EPSS: 0%CPEs: 9EXPL: 1CVE-2020-15961 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-15961
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Una comprobación insuficiente de la política en extensions en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa llevar a cabo potencialmente un escape del sandbox por medio de una Chrome Extension diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00095.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html https://crbug.com/1114636 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZI •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1CVE-2020-15960 – chromium-browser: Out of bounds read in storage
https://notcve.org/view.php?id=CVE-2020-15960
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Un desbordamiento del búfer de la pila en storage en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante remoto llevar a cabo potencialmente un acceso a la memoria fuera de límites por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00095.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html https://crbug.com/1100136 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZI • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-0432
https://notcve.org/view.php?id=CVE-2020-0432
In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807 En la función skb_to_mamac del archivo networking.c, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a una escalada de privilegios local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html https://source.android.com/security/bulletin/pixel/2020-09-01 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-0431 – kernel: possible out of bounds write in kbd_keycode of keyboard.c
https://notcve.org/view.php?id=CVE-2020-0431
In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459 En la función kbd_keycode del archivo keyboard.c, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una escalada de privilegios local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html https://source.android.com/security/bulletin/pixel/2020-09-01 https://access.redhat.com/security/cve/CVE-2020-0431 https://bugzilla.redhat.com/show_bug.cgi?id=1919889 • CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •