
CVE-2020-6459 – chromium-browser: Use after free in payments
https://notcve.org/view.php?id=CVE-2020-6459
23 Apr 2020 — Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.122. Issues addresse... • https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVE-2020-1760 – ceph: header-splitting in RGW GetObject has a possible XSS
https://notcve.org/view.php?id=CVE-2020-1760
23 Apr 2020 — A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. Adam Mohammed discovered that Ceph incorrectly ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-1983 – libslirp: use after free vulnerability cause a denial of service.
https://notcve.org/view.php?id=CVE-2020-1983
22 Apr 2020 — A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00022.html • CWE-416: Use After Free •

CVE-2020-1967 – Segmentation fault in SSL_check_chain
https://notcve.org/view.php?id=CVE-2020-1967
21 Apr 2020 — Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL ver... • https://packetstorm.news/files/id/157527 • CWE-476: NULL Pointer Dereference •

CVE-2020-6457 – chromium-browser: Use after free in speech recognizer
https://notcve.org/view.php?id=CVE-2020-6457
20 Apr 2020 — Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst ... • https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html • CWE-416: Use After Free •

CVE-2019-12519 – squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow
https://notcve.org/view.php?id=CVE-2019-12519
15 Apr 2020 — An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2019-12520 – squid: Improper input validation in request allows for proxy manipulation
https://notcve.org/view.php?id=CVE-2019-12520
15 Apr 2020 — An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. • http://www.squid-cache.org/Versions/v4 • CWE-20: Improper Input Validation •

CVE-2019-12521 – squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash
https://notcve.org/view.php?id=CVE-2019-12521
15 Apr 2020 — An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html • CWE-122: Heap-based Buffer Overflow CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •

CVE-2019-12524 – squid: Improper access restriction in url_regex may lead to security bypass
https://notcve.org/view.php?id=CVE-2019-12524
15 Apr 2020 — An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. • https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt • CWE-20: Improper Input Validation CWE-306: Missing Authentication for Critical Function •

CVE-2020-11728 – Debian Security Advisory 4660-1
https://notcve.org/view.php?id=CVE-2020-11728
15 Apr 2020 — An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a session. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956650 • CWE-384: Session Fixation •