CVE-2020-16014
https://notcve.org/view.php?id=CVE-2020-16014
Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en PPAPI en Google Chrome versiones anteriores a 87.0.4280.66, permitía a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html https://crbug.com/1146675 • CWE-416: Use After Free •
CVE-2020-16018
https://notcve.org/view.php?id=CVE-2020-16018
Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en payments en Google Chrome versiones anteriores a 87.0.4280.66, permitió a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html https://crbug.com/1136078 • CWE-416: Use After Free •
CVE-2020-16024 – Chrome SkBitmapOperations::UnPreMultiply Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-16024
Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento del búfer de la pila en UI de Google Chrome versiones anteriores a 87.0.4280.66, permitió a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada Chrome suffers from a heap buffer overflow vulnerability in SkBitmapOperations::UnPreMultiply. • http://packetstormsecurity.com/files/161353/Chrome-SkBitmapOperations-UnPreMultiply-Heap-Buffer-Overflow.html https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html https://crbug.com/1147430 • CWE-787: Out-of-bounds Write •
CVE-2020-16025 – Chrome ClipboardWin::WriteBitmap Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-16025
Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento del búfer de la pila en clipboard en Google Chrome versiones anteriores a 87.0.4280.66, permitió a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada Chrome suffers from a heap buffer overflow in ClipboardWin::WriteBitmap. • http://packetstormsecurity.com/files/161354/Chrome-ClipboardWin-WriteBitmap-Heap-Buffer-Overflow.html https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html https://crbug.com/1147431 • CWE-787: Out-of-bounds Write •
CVE-2020-26231 – Bypass of fix for CVE-2020-15247, Twig sandbox escape
https://notcve.org/view.php?id=CVE-2020-26231
A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. ...  Se detectó un bypass de CVE-2020-15247 (corregido en versiones 1.0.469 y 1.1.0), que tiene el mismo impacto que CVE-2020-15247. Un usuario del backend autenticado con los permisos cms.manage_pages, cms.manage_layouts o cms.manage_partials que normalmente no podría proporcionar código PHP para ser ejecutado por el CMS debido a que cms.enableSafeMode está habilitado, puede escribir código Twig específico para escapar del sandbox de Twig y ejecutar PHP arbitrario. • https://github.com/octobercms/october/commit/d34fb8ab51108495a9a651b841202d935f4e12f7 https://github.com/octobercms/october/security/advisories/GHSA-r89v-cgv7-3jhx • CWE-862: Missing Authorization •