
CVE-2020-6435 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-6435
13 Apr 2020 — Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Multiple vulnerabilities have... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html •

CVE-2020-6436 – chromium-browser: Use after free in window management
https://notcve.org/view.php?id=CVE-2020-6436
13 Apr 2020 — Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow r... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html • CWE-416: Use After Free •

CVE-2020-6433 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-6433
13 Apr 2020 — Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html •

CVE-2020-6434 – chromium-browser: Use after free in devtools
https://notcve.org/view.php?id=CVE-2020-6434
13 Apr 2020 — Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html • CWE-416: Use After Free •

CVE-2020-6431 – chromium-browser: Insufficient policy enforcement in full screen
https://notcve.org/view.php?id=CVE-2020-6431
13 Apr 2020 — Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to exe... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html • CWE-276: Incorrect Default Permissions •

CVE-2020-6432 – chromium-browser: Insufficient policy enforcement in navigations
https://notcve.org/view.php?id=CVE-2020-6432
13 Apr 2020 — Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers t... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html •

CVE-2020-6423 – chromium-browser: Use after free in audio
https://notcve.org/view.php?id=CVE-2020-6423
13 Apr 2020 — Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execu... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html • CWE-416: Use After Free •

CVE-2020-6430 – chromium-browser: Type Confusion in V8
https://notcve.org/view.php?id=CVE-2020-6430
13 Apr 2020 — Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. Versio... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2020-11647 – Gentoo Linux Security Advisory 202007-13
https://notcve.org/view.php?id=CVE-2020-11647
10 Apr 2020 — In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. Multiple vulnerabilities have been found in Wireshark, the worst of which could re... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html • CWE-674: Uncontrolled Recursion •

CVE-2020-11669 – kernel: powerpc: guest can cause DoS on POWER9 KVM hosts
https://notcve.org/view.php?id=CVE-2020-11669
10 Apr 2020 — An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html • CWE-393: Return of Wrong Status Code •