Page 3 of 530 results (0.024 seconds)

CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. Se detectó un problema en SDDM versiones anteriores a 0.19.0. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00031.html https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-28049 https://github.com/sddm/sddm/blob/v0.19.0/ChangeLog https://github.com/sddm/sddm/releases https://lists.debian.org/debian-lts-announce/2020/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GT3EX5NSQJJAKY63ENSMEDX6NYZLYY3S https://security.gentoo.org/glsa/202402-02 https://www.debian.org/security/2020& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0

Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento del búfer de la pila en UI de Google Chrome en Windows anterior a versión 86.0.4240.183, permitía a un atacante remoto que había comprometido el proceso del renderizador realizar potencialmente un escape del sandbox por medio de una página HTML diseñada Chrome on Android suffers from a ConvertToJavaBitmap heap buffer overflow vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html http://packetstormsecurity.com/files/159975/Chrome-ConvertToJavaBitmap-Heap-Buffer-Overflow.html https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html https://crbug.com/1144489 https://www.debian.org/security/2021/dsa-4824 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 80%CPEs: 11EXPL: 1

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada en V8 en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Turbofan fails to deoptimize code after map deprecation, leading to a type confusion vulnerability. Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html http://packetstormsecurity.com/files/159974/Chrome-V8-Turbofan-Type-Confusion.html https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html https://crbug.com/1143772 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW https://lists.fedoraproject.org/archives/list/package-annou • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. Una comprobación de datos insuficiente en installer en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante local elevar potencialmente los privilegios por medio de un sistema de archivos diseñado • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html https://crbug.com/1125018 https://www.debian.org/security/2021/dsa-4824 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. Un desbordamiento del búfer de la pila en WebRTC en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de un paquete WebRTC diseñado • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html https://crbug.com/1134107 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M https://security.gentoo&# • CWE-787: Out-of-bounds Write •