CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16017 – Google Chrome Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2020-16017
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en site isolation en Google Chrome versiones anteriores a 86.0.4240.198, permitió a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html https://crbug.com/1146709 https://access.redhat.com/security/cve/CVE-2020-16017 https://bugzilla.redhat.com/show_bug.cgi?id=1897207 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2020-25695 – postgresql: Multiple features escape "security restricted operation" sandbox
https://notcve.org/view.php?id=CVE-2020-25695
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en PostgreSQL versiones anteriores a 13.1, anteriores a 12.5, anteriores a 11.10, anteriores a 10.15, anteriores a 9.6.20 y anteriores a 9.5.24. Un atacante que tenga permiso para crear objetos no temporales en al menos un esquema puede ejecutar funciones SQL arbitrarias bajo la identidad de un superusuario. • https://bugzilla.redhat.com/show_bug.cgi?id=1894425 https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html https://security.gentoo.org/glsa/202012-07 https://security.netapp.com/advisory/ntap-20201202-0003 https://www.postgresql.org/support/security https://access.redhat.com/security/cve/CVE-2020-25695 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16016 – chromium-browser: Inappropriate implementation in base
https://notcve.org/view.php?id=CVE-2020-16016
Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Una implementación inapropiada en base de Google Chrome versiones anteriores a 86.0.4240.193, permitió a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_9.html https://crbug.com/1146679 https://access.redhat.com/security/cve/CVE-2020-16016 https://bugzilla.redhat.com/show_bug.cgi?id=1896641 •
CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0CVE-2020-16011 – Chrome ConvertToJavaBitmap Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-16011
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento del búfer de la pila en UI de Google Chrome en Windows anterior a versión 86.0.4240.183, permitía a un atacante remoto que había comprometido el proceso del renderizador realizar potencialmente un escape del sandbox por medio de una página HTML diseñada Chrome on Android suffers from a ConvertToJavaBitmap heap buffer overflow vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html http://packetstormsecurity.com/files/159975/Chrome-ConvertToJavaBitmap-Heap-Buffer-Overflow.html https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html https://crbug.com/1144489 https://www.debian.org/security/2021/dsa-4824 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16010 – Google Chrome for Android UI Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2020-16010
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento del búfer de la pila en UI de Google Chrome en Android anterior a versión 86.0.4240.185, permitió que un atacante remoto que había comprometido el proceso de renderizado pudiera realizar un escape del sandbox por medio de una página HTML diseñada Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/11/chrome-for-android-update.html https://crbug.com/1144368 • CWE-787: Out-of-bounds Write •