CVSS: 8.8EPSS: 6%CPEs: 11EXPL: 1CVE-2020-6390 – chromium-browser: Out of bounds memory access in streams
https://notcve.org/view.php?id=CVE-2020-6390
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un acceso a la memoria fuera de límites en streams en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chrome suffers from an out-of-bounds access vulnerability in ReadableStream::Close. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html http://packetstormsecurity.com/files/157419/Chrome-ReadableStream-Close-Out-Of-Bounds-Access.html https://access.redhat.com/errata/RHSA-2020:0514 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html https://crbug.com/1045874 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMA • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6402 – chromium-browser: Insufficient policy enforcement in downloads
https://notcve.org/view.php?id=CVE-2020-6402
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Una aplicación insuficiente de la política en downloads en Google Chrome sobre OS X versiones anteriores a 80.0.3987.87, permitió a un atacante que convenció a un usuario a instalar una extensión maliciosa para ejecutar código arbitrario por medio de una extensión de Chrome diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html https://crbug.com/1029375 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1CVE-2019-15623
https://notcve.org/view.php?id=CVE-2019-15623
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. Una exposición de información privada en Nextcloud Server versión 16.0.1, causa que el servidor envíe su dominio e ID de usuario hacia el Nextcloud Lookup Server sin más datos cuando el servidor Lookup está deshabilitado. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html https://hackerone.com/reports/508490 https://nextcloud.com/security/advisory/?id=NC-SA-2019-016 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-15613
https://notcve.org/view.php?id=CVE-2019-15613
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. Un error en Nextcloud Server versión 17.0.1, causa que las reglas de flujo de trabajo dependan de su comportamiento sobre la extensión del archivo cuando se comprueban los mimetypes de archivos. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html https://hackerone.com/reports/697959 https://nextcloud.com/security/advisory/?id=NC-SA-2020-002 • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 1CVE-2019-15624
https://notcve.org/view.php?id=CVE-2019-15624
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. Una Comprobación de Entrada Inapropiada en Nextcloud Server versión 15.0.7, permite a los administradores de grupo crear usuarios con los ID de carpetas del sistema. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html https://hackerone.com/reports/508493 https://nextcloud.com/security/advisory/?id=NC-SA-2019-015 • CWE-20: Improper Input Validation •