CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25039
https://notcve.org/view.php?id=CVE-2020-25039
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. Sylabs Singularity versiones 3.2.0 hasta 3.6.2, presenta permisos no seguros en directorios temporales usados en fakeroot o en la ejecución del contenedor de espacio de nombres de usuario • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.html https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7 https://medium.com/sylabs • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 1%CPEs: 21EXPL: 0CVE-2020-8927 – Buffer overflow in Brotli library
https://notcve.org/view.php?id=CVE-2020-8927
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. Se presenta un desbordamiento del búfer en la biblioteca Brotli versiones anteriores a 1.0.8, donde un atacante que controla la longitud de entrada de una petición de descompresión "one-shot" en un script puede desencadenar un bloqueo, que ocurre cuando se copian fragmentos de datos de más de 2 GiB . Se recomienda actualizar su biblioteca de Brotli a la versión 1.0.8 o posterior. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html https://github.com/google/brotli/releases/tag/v1.0.9 https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-6574 – chromium-browser: Insufficient policy enforcement in installer
https://notcve.org/view.php?id=CVE-2020-6574
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. Una aplicación insuficiente de la política en installer en Google Chrome en OS X versiones anteriores a 85.0.4183.102, permitía a un atacante local alcanzar potencialmente una escalada de privilegios por medio de un binario diseñado • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html https://crbug.com/1102196 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKB •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14392
https://notcve.org/view.php?id=CVE-2020-14392
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. Se encontró un fallo de desreferencia del puntero no confiable en Perl-DBI versiones anteriores a 1.643. Un atacante local que es capaz de manipular llamadas a la función dbd_db_login6_sv() podría causar una corrupción de la memoria, afectando la disponibilidad del servicio • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html https://bugzilla.redhat.com/show_bug.cgi?id=1877402 https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643 https://usn.ubuntu.com/4503-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14393
https://notcve.org/view.php?id=CVE-2020-14393
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. Se encontró un desbordamiento de búfer en perl-DBI versiones anteriores a 1.643 en el archivo DBI.xs. Un atacante local que es capaz de suministrar una cadena de más de 300 caracteres que podría causar una escritura fuera de límites, afectando la disponibilidad del servicio o la integridad de los datos • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html https://bugzilla.redhat.com/show_bug.cgi?id=1877409 https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •