CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-16008 – chromium-browser: Stack buffer overflow in WebRTC
https://notcve.org/view.php?id=CVE-2020-16008
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. Un desbordamiento del búfer de la pila en WebRTC en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de un paquete WebRTC diseñado • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html https://crbug.com/1134107 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M https://security.gentoo&# • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-16004 – chromium-browser: Use after free in user interface
https://notcve.org/view.php?id=CVE-2020-16004
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en UI de Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html https://crbug.com/1138911 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M https://security.gentoo&# • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-16005 – chromium-browser: Insufficient policy enforcement in ANGLE
https://notcve.org/view.php?id=CVE-2020-16005
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una aplicación de políticas insuficiente en ANGLE en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html https://crbug.com/1139398 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M https://security.gentoo&# • CWE-755: Improper Handling of Exceptional Conditions CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-16006 – chromium-browser: Inappropriate implementation in V8
https://notcve.org/view.php?id=CVE-2020-16006
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada en V8 en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html https://crbug.com/1133527 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M https://security.gentoo&# • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14323 – samba: Unprivileged user can crash winbind
https://notcve.org/view.php?id=CVE-2020-14323
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. Se encontró uno fallo de desreferencia del puntero null en el servicio Winbind de samba en versiones anteriores a 4.11.15, 4.12.9 y 4.13.1. Un usuario local podría utilizar este fallo para bloquear el servicio winbind causando una denegación de servicio A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html https://bugzilla.redhat.com/show_bug.cgi?id=1891685 https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP https://lists.fedoraproject.org/archives/list/package • CWE-170: Improper Null Termination CWE-476: NULL Pointer Dereference •