CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26231 – Bypass of fix for CVE-2020-15247, Twig sandbox escape
https://notcve.org/view.php?id=CVE-2020-26231
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 470 (v1.0.470) and v1.1.1. • https://github.com/octobercms/october/commit/d34fb8ab51108495a9a651b841202d935f4e12f7 https://github.com/octobercms/october/security/advisories/GHSA-r89v-cgv7-3jhx • CWE-862: Missing Authorization •
CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15247 – Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
https://notcve.org/view.php?id=CVE-2020-15247
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 469 (v1.0.469) and v1.1.0. October es una plataforma CMS gratuita, de código abierto y autohosteada basada en Laravel PHP Framework. • https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982 https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875 • CWE-862: Missing Authorization •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16017 – Google Chrome Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2020-16017
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en site isolation en Google Chrome versiones anteriores a 86.0.4240.198, permitió a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html https://crbug.com/1146709 https://access.redhat.com/security/cve/CVE-2020-16017 https://bugzilla.redhat.com/show_bug.cgi?id=1897207 • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16016 – chromium-browser: Inappropriate implementation in base
https://notcve.org/view.php?id=CVE-2020-16016
Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_9.html https://crbug.com/1146679 https://access.redhat.com/security/cve/CVE-2020-16016 https://bugzilla.redhat.com/show_bug.cgi?id=1896641 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16010 – Google Chrome for Android UI Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2020-16010
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento del búfer de la pila en UI de Google Chrome en Android anterior a versión 86.0.4240.185, permitió que un atacante remoto que había comprometido el proceso de renderizado pudiera realizar un escape del sandbox por medio de una página HTML diseñada Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/11/chrome-for-android-update.html https://crbug.com/1144368 • CWE-787: Out-of-bounds Write •