CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-3864 – webkitgtk: Non-unique security origin for DOM object contexts
https://notcve.org/view.php?id=CVE-2020-3864
17 Feb 2020 — A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. Se abordó un problema lógico con una comprobación mejorada. Este problema se corrigió en iCloud para Windows versión 7.17, iTunes versión 12.10.4 para Windows, iCloud para Windows versión 10.9.2, tvOS versión 13.3.1, Safari vers... • https://support.apple.com/en-us/HT210918 • CWE-346: Origin Validation Error •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-1720 – postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks
https://notcve.org/view.php?id=CVE-2020-1720
14 Feb 2020 — A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. Se detectó un fallo en "ALTER ... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html • CWE-285: Improper Authorization CWE-862: Missing Authorization •
CVSS: 9.3EPSS: 5%CPEs: 17EXPL: 0CVE-2020-3757 – flash-plugin: Arbitrary Code Execution vulnerability (APSB20-06)
https://notcve.org/view.php?id=CVE-2020-3757
13 Feb 2020 — Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player versiones 32.0.0.321 y anteriores, 32.0.0.314 y anteriores, 32.0.0.321 y anteriores, y 32.0.0.255 y anteriores, presenta una vulnerabilidad de confusión de tipos. Una explotación con éxito podría conllevar a una ejecución de código arbitrario. The flash-plugin pack... • https://access.redhat.com/errata/RHSA-2020:0513 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 4%CPEs: 21EXPL: 1CVE-2020-8945 – proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
https://notcve.org/view.php?id=CVE-2020-8945
12 Feb 2020 — The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. El contenedor Proglottis Go versiones anteriores a 0.1.1 para la biblioteca GPGME, presenta un uso de la memoria previamente liberada, como es demostrado por el uso para las extracciones de imágenes de contenedores para Docker o CRI-O. Esto conlleva a un bloqueo o posible ej... • https://access.redhat.com/errata/RHSA-2020:0679 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-8595 – istio: unauthorised access to JWT protected HTTP path
https://notcve.org/view.php?id=CVE-2020-8595
12 Feb 2020 — Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match. Las versiones Istio 1.2.10 (End of Life) y anteriores, 1.3 a 1.3.7, y 1.4 a 1.4.3 permiten la omisión d... • https://access.redhat.com/errata/RHSA-2020:0477 • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-1726 – podman: incorrectly allows existing files in volumes to be overwritten by a container when it is created
https://notcve.org/view.php?id=CVE-2020-1726
11 Feb 2020 — A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0. Se detectó un fallo en Podman donde permite incorrectamente que los contenedores cuando se crean s... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00097.html • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 1CVE-2020-6415 – chromium-browser: Inappropriate implementation in JavaScript
https://notcve.org/view.php?id=CVE-2020-6415
11 Feb 2020 — Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada en JavaScript en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues a... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 11EXPL: 1CVE-2020-6416 – chromium-browser: Insufficient data validation in streams
https://notcve.org/view.php?id=CVE-2020-6416
11 Feb 2020 — Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una comprobación de datos insuficiente en streams en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 13EXPL: 1CVE-2020-6381 – chromium-browser: Integer overflow in JavaScript
https://notcve.org/view.php?id=CVE-2020-6381
11 Feb 2020 — Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de enteros en JavaScript en Google Chrome sobre ChromeOS y Android versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromiu... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 1CVE-2020-6382 – chromium-browser: Type Confusion in JavaScript
https://notcve.org/view.php?id=CVE-2020-6382
11 Feb 2020 — Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en JavaScript en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues addressed include infor... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •