CVSS: 9.3EPSS: 1%CPEs: 7EXPL: 0CVE-2020-6559 – chromium-browser: Use after free in presentation API
https://notcve.org/view.php?id=CVE-2020-6559
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en la API de presentación en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto explotar una corrupción de la pila por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html https://crbug.com/1116706 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT https://security.gentoo.org/glsa/202101-30 https:/&# • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2020-24614
https://notcve.org/view.php?id=CVE-2020-24614
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. Fossil versiones anteriores a 2.10.2, versiones 2.11.x anteriores a 2.11.2 y versiones 2.12.x anteriores a 2.12.1, permite a usuarios autenticados remotos ejecutar código arbitrario. Un atacante debe tener privilegios de registro en el repositorio • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00065.html http://www.openwall.com/lists/oss-security/2020/08/25/1 https://fossil-scm.org/forum/info/a05ae3ce7760daf6 https://fossil-scm.org/fossil/vdiff?branch=sec2020-2.12-patch&diff=1&w https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARYF4YMYXCANXUDS3B3CA4JGUZNUJOJA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GVZK4K7SFBQRCGCHS76HW2LTSEH2KSUM https://secur • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2020-8233
https://notcve.org/view.php?id=CVE-2020-8233
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. Se presenta una vulnerabilidad de inyección de comandos en el firmware de EdgeSwitch versiones anteriores a v1.9.0, que permitía a un usuario autenticado de solo lectura ejecutar comandos de shell arbitrarios por medio de la interfaz HTTP, permitiéndoles escalar privilegios. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c https://community.ui.com/releases/Security-advisory-bulletin-014-014/1c32c056-2c64-4e60-ac23-ce7d8f387821 https://www.ui.com/download/edgemax • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2020-8026 – inn: non-root owned files
https://notcve.org/view.php?id=CVE-2020-8026
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paquete de inn en openSUSE Leap versión 15.2, openSUSE Tumbleweed, openSUSE Leap versión 15.1, permite a atacantes locales con control del nuevo usuario escalar sus privilegios a root. Este problema afecta a: inn versión 2.6.2-lp152.1.26 y versiones anteriores de openSUSE Leap versión 15.2. inn versión 2.6.2-4.2 y versiones anteriores de openSUSE Tumbleweed. inn versión 2.5.4-lp151.3.3.1 y versiones anteriores de openSUSE Leap versión 15.1 • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00074.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00038.html https://bugzilla.suse.com/show_bug.cgi?id=1172573 • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-17353
https://notcve.org/view.php?id=CVE-2020-17353
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. El archivo scm/define-stencil-command.scm en LilyPond versiones hasta 2.20.0 y versiones 2.21.x hasta 2.21.4, cuando -dsafe es usada, carece de restricciones en embedded-ps y embedded-svg, como es demostrado al incluir código PostScript peligroso • http://git.savannah.gnu.org/gitweb/?p=lilypond.git%3Ba=commit%3Bh=b84ea4740f3279516905c5db05f4074e777c16ff http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00076.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG2JUV4UTIA27JUE6IZLCEFP5PYSFPF4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W2JYMVLTPSNYS5F7TBHKIXUZZJIJAMRX https://www.debian.org/security/202 •