CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-6574 – chromium-browser: Insufficient policy enforcement in installer
https://notcve.org/view.php?id=CVE-2020-6574
14 Sep 2020 — Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. Una aplicación insuficiente de la política en installer en Google Chrome en OS X versiones anteriores a 85.0.4183.102, permitía a un atacante local alcanzar potencialmente una escalada de privilegios por medio de un binario diseñado • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16873 – Xamarin.Forms Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2020-16873
11 Sep 2020 —
A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.
For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.
The security update addresses this vulnerability by preventing the malicious Javascript from run... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16873 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-15959 – chromium-browser: Insufficient policy enforcement in networking
https://notcve.org/view.php?id=CVE-2020-15959
10 Sep 2020 — Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering. Una aplicación insuficiente de la política en networking en Google Chrome versiones anteriores a 85.0.4183.102, permitía a un atacante que convenció al usuario de habilitar el registro para obtener información potencialmente confidencial de la memoria del proceso por medio de ... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html •
CVSS: 9.6EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6573 – chromium-browser: Use after free in video
https://notcve.org/view.php?id=CVE-2020-6573
10 Sep 2020 — Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en video en Google Chrome en Android versiones anteriores a 85.0.4183.102, permitía a un atacante remoto que había comprometido el proceso del renderizador potencialmente llevar a cabo un escape del sandbox por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6575 – chromium-browser: Race in Mojo
https://notcve.org/view.php?id=CVE-2020-6575
10 Sep 2020 — Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un carrera en Mojo en Google Chrome versiones anteriores a 85.0.4183.102, permitía a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape sandbox por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6576 – chromium-browser: Use after free in offscreen canvas
https://notcve.org/view.php?id=CVE-2020-6576
10 Sep 2020 — Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en offscreen canvas en Google Chrome versiones anteriores a 85.0.4183.102, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 7EXPL: 0CVE-2020-6559 – chromium-browser: Use after free in presentation API
https://notcve.org/view.php?id=CVE-2020-6559
27 Aug 2020 — Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en la API de presentación en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto explotar una corrupción de la pila por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6560 – chromium-browser: Insufficient policy enforcement in autofill
https://notcve.org/view.php?id=CVE-2020-6560
27 Aug 2020 — Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación insuficiente de la política en autofill en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6561 – chromium-browser: Inappropriate implementation in Content Security Policy
https://notcve.org/view.php?id=CVE-2020-6561
27 Aug 2020 — Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una implementación inapropiada en Content Security Policy en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6562 – chromium-browser: Insufficient policy enforcement in Blink
https://notcve.org/view.php?id=CVE-2020-6562
27 Aug 2020 — Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación insuficiente de la política en Blink en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •