CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20919
https://notcve.org/view.php?id=CVE-2019-20919
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. Se detectó un problema en el módulo DBI versiones anteriores a 1.643 para Perl. La documentación de la función hv_fetch() requiere comprobación para NULL y el código lo hace. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00013.html https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643-... https://usn.ubun • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-0427 – kernel: out-of-bounds reads in pinctrl subsystem.
https://notcve.org/view.php?id=CVE-2020-0427
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 En la función create_pinctrl del archivo core.c, se presenta una posible lectura fuera de límites debido a un uso de la memoria previamente liberada. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://source.android.com/security/bulletin/pixel/2020-09-01 https://www.starwindsoftware.com/security/sw-20210325-0005 https://access.redhat.com/security/cve/CVE-2020-0427 https://bugzi • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25040
https://notcve.org/view.php?id=CVE-2020-25040
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. Sylabs Singularity versiones hasta 3.6.2, presenta permisos no seguros en directorios temporales utilizados en operaciones de compilación de contenedores explícitas e implícitas, una vulnerabilidad diferente a CVE-2020-25039 • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.html https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762 https://medium.com/sylabs • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25039
https://notcve.org/view.php?id=CVE-2020-25039
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. Sylabs Singularity versiones 3.2.0 hasta 3.6.2, presenta permisos no seguros en directorios temporales usados en fakeroot o en la ejecución del contenedor de espacio de nombres de usuario • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.html https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7 https://medium.com/sylabs • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-6574 – chromium-browser: Insufficient policy enforcement in installer
https://notcve.org/view.php?id=CVE-2020-6574
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. Una aplicación insuficiente de la política en installer en Google Chrome en OS X versiones anteriores a 85.0.4183.102, permitía a un atacante local alcanzar potencialmente una escalada de privilegios por medio de un binario diseñado • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html https://crbug.com/1102196 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKB •