CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15247 – Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
https://notcve.org/view.php?id=CVE-2020-15247
23 Nov 2020 — October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyon... • https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982 • CWE-862: Missing Authorization •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16017 – Google Chrome Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2020-16017
16 Nov 2020 — Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. ... Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16016 – chromium-browser: Inappropriate implementation in base
https://notcve.org/view.php?id=CVE-2020-16016
11 Nov 2020 — Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_9.html •
CVSS: 9.6EPSS: 1%CPEs: 7EXPL: 0CVE-2020-16011 – Chrome ConvertToJavaBitmap Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-16011
03 Nov 2020 — Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16010 – Google Chrome for Android UI Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2020-16010
03 Nov 2020 — Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento del búfer de la pila en UI de Google Chrome en Android anterior a versión 86.0.4240.185, permitió que un atacante remoto que había comprometido el proceso de renderizado pudiera realizar un escape del sandbox por medio de una página HTML diseñada Google Chrome for Android UI c... • https://chromereleases.googleblog.com/2020/11/chrome-for-android-update.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15998
https://notcve.org/view.php?id=CVE-2020-15998
03 Nov 2020 — Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/10/chrome-for-android-update_31.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 0CVE-2020-15997
https://notcve.org/view.php?id=CVE-2020-15997
03 Nov 2020 — Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/10/chrome-for-android-update_31.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 0CVE-2020-15996
https://notcve.org/view.php?id=CVE-2020-15996
03 Nov 2020 — Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/10/chrome-for-android-update_31.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15990 – chromium-browser: Use after free in autofill
https://notcve.org/view.php?id=CVE-2020-15990
13 Oct 2020 — Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15991 – chromium-browser: Use after free in password manager
https://notcve.org/view.php?id=CVE-2020-15991
13 Oct 2020 — Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-416: Use After Free •