CVE-2020-13614
https://notcve.org/view.php?id=CVE-2020-13614
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. Se detectó un problema en el archivo ssl.c en Axel versiones anteriores a 2.17.8. La implementación TLS carece de verificación del nombre de host. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00010.html https://github.com/axel-download-accelerator/axel/issues/262 https://github.com/axel-download-accelerator/axel/releases/tag/v2.17.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPZUQSDGV5XDBJGHBWBHWJIBE47Q4QIB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S3ECAKIZA2TGBYLUQTLGRMXUFIOGRHG3 • CWE-295: Improper Certificate Validation •
CVE-2020-6491 – chromium-browser: Incorrect security UI in site information
https://notcve.org/view.php?id=CVE-2020-6491
Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. Una comprobación insuficiente de datos en site information en Google Chrome versiones anteriores a la versión 83.0.4103.61, permitió a un atacante remoto falsificar la Interfaz de Usuario de seguridad por medio de un nombre de dominio especialmente diseñado. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html https://crbug.com/1050011 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT https://security.g •
CVE-2020-6489 – chromium-browser: Inappropriate implementation in developer tools
https://notcve.org/view.php?id=CVE-2020-6489
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page. Una implementación inapropiada en developer tools en Google Chrome versiones anteriores a la versión 83.0.4103.61, permitió a un atacante remoto que había convencido al usuario de tomar determinadas acciones en developer tools para obtener información potencialmente sensible del disco por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html https://crbug.com/1050756 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT https://security.g • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-6490 – chromium-browser: Insufficient data validation in loader
https://notcve.org/view.php?id=CVE-2020-6490
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. Una comprobación insuficiente de datos en loader en Google Chrome versiones anteriores a la versión 83.0.4103.61, permitió a un atacante remoto que había sido capaz de escribir en el disco filtrar datos de tipo cross-origin por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html https://crbug.com/1035887 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT https://security.g • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2020-6487 – chromium-browser: Insufficient policy enforcement in downloads
https://notcve.org/view.php?id=CVE-2020-6487
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Una aplicación insuficiente de políticas en downloads en Google Chrome versiones anteriores a 83.0.4103.61, permitió a un atacante remoto omitir unas restricciones de navegación por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html https://crbug.com/539938 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT https://security.ge • CWE-276: Incorrect Default Permissions •