CVE-2020-6505 – chromium-browser: Use after free in speech
https://notcve.org/view.php?id=CVE-2020-6505
Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en speech en Google Chrome versiones anteriores a 83.0.4103.106, permitió a un atacante remoto poder llevar a cabo un escape del sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html https://crbug.com/1081350 https://security.gentoo.org/glsa/202007-08 https://access.redhat.com/security/cve/CVE-2020-6505 https://bugzilla.redhat.com/show_bug.cgi?id=1847268 • CWE-416: Use After Free •
CVE-2020-14147
https://notcve.org/view.php?id=CVE-2020-14147
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. ... Un desbordamiento de enteros en la función getnum en el archivo lua_struct.c en Redis versiones anteriores a 6.0.3, permite a atacantes dependiendo del contexto, con permiso para ejecutar el código Lua en una sesión de Redis, causar una denegación de servicio (corrupción de la memoria y bloqueo de la aplicación) o posiblemente omitir las restricciones del sandbox previstas por medio de un número grande, lo que desencadena un desbordamiento de búfer en la región stack de la pila. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571 https://github.com/antirez/redis/pull/6875 https://security.gentoo.org/glsa/202008-17 https://www.debian.org/security/2020/dsa-4731 https://www.oracle.com/security-alerts/cpujan2021.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2020-6495 – chromium-browser: Insufficient policy enforcement in developer tools
https://notcve.org/view.php?id=CVE-2020-6495
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Una aplicación insuficiente de la política en developer tools en Google Chrome versiones anteriores a 83.0.4103.97, permitió a un atacante que convenció a un usuario de instalar una extensión maliciosa potencialmente llevar a cabo un escape del sandbox por medio de una Chrome Extension diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html https://crbug.com/1072116 https://security.gentoo.org/glsa/202006-02 https://www.debian.org/security/2020/dsa-4714 https://access.redhat.com/security/cve/CVE-2020-6495 https://bugzilla.redhat.com/show_bug.cgi?id=1844556 • CWE-276: Incorrect Default Permissions •
CVE-2020-6496 – chromium-browser: Use after free in payments
https://notcve.org/view.php?id=CVE-2020-6496
Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. El uso de la memoria previamente liberada en payments en Google Chrome en MacOS versiones anteriores a 83.0.4103.97, permitió a un atacante remoto poder llevar a cabo un escape del sandbox por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html https://crbug.com/1085990 https://security.gentoo.org/glsa/202006-02 https://www.debian.org/security/2020/dsa-4714 https://access.redhat.com/security/cve/CVE-2020-6496 https://bugzilla.redhat.com/show_bug.cgi?id=1844557 • CWE-416: Use After Free •
CVE-2020-6493 – chromium-browser: Use after free in WebAuthentication
https://notcve.org/view.php?id=CVE-2020-6493
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en WebAuthentication en Google Chrome versiones anteriores a 83.0.4103.97, permitió a un atacante remoto que había comprometido el proceso del renderizador para potencialmente llevar a cabo un escape del sandbox por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html https://crbug.com/1082105 https://security.gentoo.org/glsa/202006-02 https://www.debian.org/security/2020/dsa-4714 https://access.redhat.com/security/cve/CVE-2020-6493 https://bugzilla.redhat.com/show_bug.cgi?id=1844554 • CWE-416: Use After Free •