CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-6553 – chromium-browser: Use after free in offline mode
https://notcve.org/view.php?id=CVE-2020-6553
Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en offline mode en Google Chrome en iOS versiones anteriores a 84.0.4147.125, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html https://crbug.com/1111307 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT https://www.debian.org/security/2021/dsa-4824 https://access.redhat.com/security/cve/CVE-2020-6553 https://bugzilla.redhat.com/show_bug.cgi?id=1867950 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2020-6528 – chromium-browser: Incorrect security UI in basic auth
https://notcve.org/view.php?id=CVE-2020-6528
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Una Interfaz de Usuario de seguridad incorrecta en basic auth en Google Chrome en iOS versiones anteriores a 84.0.4147.89, permitió a un atacante remoto falsificar el contenido del Omnibox (barra URL) por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html https://crbug.com/1063690 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTRPPTKZ2RKVH •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 3CVE-2020-6514 – chromium-browser: Inappropriate implementation in WebRTC
https://notcve.org/view.php?id=CVE-2020-6514
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. Una implementación inapropiada en WebRTC en Google Chrome versiones anteriores a 84.0.4147.89, permitió a un atacante en una posición de red privilegiada potencialmente explotar una corrupción de la pila por medio de un flujo SCTP diseñado • https://github.com/hasan-khalil/CVE-2020-6514 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html http:/&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 13EXPL: 0CVE-2020-9633 – flash-plugin: Arbitrary Code Execution vulnerability (APSB20-30)
https://notcve.org/view.php?id=CVE-2020-9633
Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player Desktop Runtime versiones 32.0.0.371 y anteriores, Adobe Flash Player para Google Chrome versiones 32.0.0.371 y anteriores, y Adobe Flash Player para Microsoft Edge y Internet Explorer versiones 32.0.0.330 y anteriores presentan una vulnerabilidad de un uso de la memoria previamente liberada. Una explotación con éxito podría conllevar a una ejecución de código arbitraria A use-after-free flaw was found in the Adobe Flash Player. This flaw an attacker to perform arbitrary code execution when the Flash player is used to play a specially crafted SWF file. • https://helpx.adobe.com/security/products/flash-player/apsb20-30.html https://security.gentoo.org/glsa/202006-09 https://access.redhat.com/security/cve/CVE-2020-9633 https://bugzilla.redhat.com/show_bug.cgi?id=1845700 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-6498
https://notcve.org/view.php?id=CVE-2020-6498
Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Una implementación incorrecta en user interface en Google Chrome en iOS versiones anteriores a 83.0.4103.88, permitió a un atacante remoto llevar a cabo una suplantación de dominio por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html https://crbug.com/1081081 https://www.debian.org/security/2020/dsa-4714 • CWE-276: Incorrect Default Permissions •