CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2020-6496 – chromium-browser: Use after free in payments
https://notcve.org/view.php?id=CVE-2020-6496
Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. El uso de la memoria previamente liberada en payments en Google Chrome en MacOS versiones anteriores a 83.0.4103.97, permitió a un atacante remoto poder llevar a cabo un escape del sandbox por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html https://crbug.com/1085990 https://security.gentoo.org/glsa/202006-02 https://www.debian.org/security/2020/dsa-4714 https://access.redhat.com/security/cve/CVE-2020-6496 https://bugzilla.redhat.com/show_bug.cgi?id=1844557 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2020-6494 – chromium-browser: Incorrect security UI in payments
https://notcve.org/view.php?id=CVE-2020-6494
Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Una Interfaz de Usuario de seguridad incorrecta en payments en Google Chrome en Android versiones anteriores a 83.0.4103.97, permitió a un atacante remoto falsificar el contenido del Omnibox (barra de URL) por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html https://crbug.com/1083972 https://security.gentoo.org/glsa/202006-02 https://www.debian.org/security/2020/dsa-4714 https://access.redhat.com/security/cve/CVE-2020-6494 https://bugzilla.redhat.com/show_bug.cgi?id=1844555 •
CVSS: 8.2EPSS: 69%CPEs: 7EXPL: 4CVE-2020-13379 – Grafana 7.0.1 - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2020-13379
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault. La funcionalidad avatar en Grafana versiones 3.0.1 hasta 7.0.1, presenta un problema de Control de Acceso Incorrecto de tipo SSRF. • https://www.exploit-db.com/exploits/48638 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html http://www.openwall.com/lists/oss-security/2020/06/03/4 http://www. • CWE-476: NULL Pointer Dereference CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 1CVE-2020-13614
https://notcve.org/view.php?id=CVE-2020-13614
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. Se detectó un problema en el archivo ssl.c en Axel versiones anteriores a 2.17.8. La implementación TLS carece de verificación del nombre de host. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00010.html https://github.com/axel-download-accelerator/axel/issues/262 https://github.com/axel-download-accelerator/axel/releases/tag/v2.17.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPZUQSDGV5XDBJGHBWBHWJIBE47Q4QIB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S3ECAKIZA2TGBYLUQTLGRMXUFIOGRHG3 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6491 – chromium-browser: Incorrect security UI in site information
https://notcve.org/view.php?id=CVE-2020-6491
Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. Una comprobación insuficiente de datos en site information en Google Chrome versiones anteriores a la versión 83.0.4103.61, permitió a un atacante remoto falsificar la Interfaz de Usuario de seguridad por medio de un nombre de dominio especialmente diseñado. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html https://crbug.com/1050011 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT https://security.g •