CVSS: 9.6EPSS: 0%CPEs: 9EXPL: 1CVE-2020-15963 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-15963
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Una aplicación insuficiente de la política en extensions en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa llevar a cabo potencialmente un escape del sandbox por medio de una Chrome Extension diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00095.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html https://crbug.com/1113558 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZI •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1CVE-2020-15962 – chromium-browser: Insufficient policy enforcement in serial
https://notcve.org/view.php?id=CVE-2020-15962
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Una comprobación insuficiente de la política en serial in Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante remoto llevar a cabo potencialmente un acceso a la memoria fuera de límites por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00095.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html https://crbug.com/1121836 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZI •
CVSS: 9.6EPSS: 0%CPEs: 9EXPL: 1CVE-2020-15961 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-15961
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Una comprobación insuficiente de la política en extensions en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa llevar a cabo potencialmente un escape del sandbox por medio de una Chrome Extension diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00095.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html https://crbug.com/1114636 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZI •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1CVE-2020-15960 – chromium-browser: Out of bounds read in storage
https://notcve.org/view.php?id=CVE-2020-15960
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Un desbordamiento del búfer de la pila en storage en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante remoto llevar a cabo potencialmente un acceso a la memoria fuera de límites por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00095.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html https://crbug.com/1100136 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZI • CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20919
https://notcve.org/view.php?id=CVE-2019-20919
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. Se detectó un problema en el módulo DBI versiones anteriores a 1.643 para Perl. La documentación de la función hv_fetch() requiere comprobación para NULL y el código lo hace. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00013.html https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643-... https://usn.ubun • CWE-476: NULL Pointer Dereference •