CVE-2020-16002 – chromium-browser: Use after free in PDFium
https://notcve.org/view.php?id=CVE-2020-16002
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Un uso de la memoria previamente liberada en PDFium en Google Chrome anterior a versión 86.0.4240.111, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de un archivo PDF diseñado • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html https://crbug.com/1137630 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6A • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVE-2020-16003 – chromium-browser: Use after free in printing
https://notcve.org/view.php?id=CVE-2020-16003
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente en printing liberada en Google Chrome anterior a versión 86.0.4240.111, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html https://crbug.com/1134960 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6A • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVE-2020-15999 – Google Chrome FreeType Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2020-15999
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en Freetype en Google Chrome anterior a versión 86.0.4240.111, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and height values allows for an out-of-bounds write to occur in application memory when an attacker supplies a specially crafted TTF file. FreeType suffers from a heap buffer overflow vulnerability due to integer truncation in Load_SBit_Png. Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. • https://github.com/oxfemale/CVE-2020-15999 https://github.com/maarlo/CVE-2020-15999 https://github.com/Marmeus/CVE-2020-15999 http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://seclists.org/fulldisclosure/2020/Nov/33 https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html https://crbug.com/1139963 https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html https://lists.fedoraproject.org/archives/list/package-announce%40 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-25829
https://notcve.org/view.php?id=CVE-2020-25829
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). Se ha encontrado un problema en PowerDNS Recursor versiones anteriores a 4.1.18, versiones 4.2.x anteriores a 4.2.5 y versiones 4.3.x anteriores a 4.3.5. Un atacante remoto puede causar que los registros en caché para un nombre dado sean actualizados al estado de comprobación de Bogus DNSSEC, en lugar de su estado DNSSEC Secure real, por medio de una consulta ANY de DNS. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00036.html https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html https://security.gentoo.org/glsa/202012-19 •
CVE-2020-15229 – Path traversal and files overwrite with unsquashfs
https://notcve.org/view.php?id=CVE-2020-15229
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise, so far bootstrap methods `library`, `shub` and `localimage` are triggering the squashfs extraction. This issue is addressed in Singularity 3.6.4. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00070.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00009.html https://github.com/hpcng/singularity/blob/v3.6.4/CHANGELOG.md#security-related-fixes https://github.com/hpcng/singularity/commit/eba3dea260b117198fdb6faf41f2482ab2f8d53e https://github.com/hpcng/singularity/pull/5611 https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •