CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 1CVE-2020-6449 – chromium-browser: Use after free in audio
https://notcve.org/view.php?id=CVE-2020-6449
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en audio en Google Chrome versiones anteriores a 80.0.3987.149, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html http://packetstormsecurity.com/files/172843/Chrome-WebAudio-Use-After-Free.html https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html https://crbug.com/1059686 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI https://lists.fedoraproject.org/archives/list/package-a • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 13EXPL: 1CVE-2019-3696 – pcp: Local privilege escalation from user pcp to root through migrate_tempdirs
https://notcve.org/view.php?id=CVE-2019-3696
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. • https://bugzilla.suse.com/show_bug.cgi?id=1153921 https://access.redhat.com/security/cve/CVE-2019-3696 https://bugzilla.redhat.com/show_bug.cgi?id=1811707 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.4EPSS: 0%CPEs: 13EXPL: 1CVE-2019-3695 – pcp: Local privilege escalation from user pcp to root
https://notcve.org/view.php?id=CVE-2019-3695
A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. • https://bugzilla.suse.com/show_bug.cgi?id=1152763 https://access.redhat.com/security/cve/CVE-2019-3695 https://bugzilla.redhat.com/show_bug.cgi?id=1811703 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18903 – wicked: Use-after-free when receiving invalid DHCP6 IA_PD option
https://notcve.org/view.php?id=CVE-2019-18903
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62. Una vulnerabilidad de Uso de la Memoria Previamente Liberada, en wicked de SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, y Factory, permite a atacantes remotos causar una DoS o potencialmente una ejecución de código. Este problema afecta: wicked de SUSE Linux Enterprise Server 12 versiones anteriores a 0.6.60-2.18.1. wicked de SUSE Linux Enterprise Server 15 versiones anteriores a 0.6.60-28.26.1. wicked de openSUSE Leap versiones 15.1 anteriores a 0.6.60-lp151.2.9.1. wicked de openSUSE Factory versiones anteriores a 0.6.62. • https://bugzilla.suse.com/show_bug.cgi?id=1160904 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18902 – wicked: Use-after-free when receiving invalid DHCP6 client options
https://notcve.org/view.php?id=CVE-2019-18902
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62. Una vulnerabilidad de Uso de la Memoria Previamente Liberada en wicked de SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, y Factory, permite a atacantes remotos causar DoS o potencialmente una ejecución de código. Este problema afecta: wicked de SUSE Linux Enterprise Server 12 versiones anteriores a 0.6.60-3.5.1. wicked de SUSE Linux Enterprise Server 15 versiones anteriores a 0.6.60-3.21.1. wicked de openSUSE Leap 15.1 versiones anteriores a 0.6.60-lp151.2.6.1. wicked de openSUSE Factory versiones anteriores a 0.6.62. • https://bugzilla.suse.com/show_bug.cgi?id=1160903 • CWE-416: Use After Free •