CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0CVE-2020-14672 – mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2020)
https://notcve.org/view.php?id=CVE-2020-14672
21 Oct 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (A... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR •
CVSS: 9.6EPSS: 93%CPEs: 5EXPL: 6CVE-2020-15999 – Google Chrome FreeType Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2020-15999
20 Oct 2020 — Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en Freetype en Google Chrome anterior a versión 86.0.4240.111, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and heig... • https://packetstorm.news/files/id/159754 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-25648 – nss: TLS 1.3 CCS flood remote DoS Attack
https://notcve.org/view.php?id=CVE-2020-25648
20 Oct 2020 — A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. Se encontró un fallo en la manera en que NSS manejaba los mensajes CCS (ChangeCipherSpec) en TLS versión 1.3. • https://bugzilla.redhat.com/show_bug.cgi?id=1887319 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-24266 – Gentoo Linux Security Advisory 202105-21
https://notcve.org/view.php?id=CVE-2020-24266
19 Oct 2020 — An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service. Se detectó un problema en tcpreplay tcpprep versión v4.3.3. Se presenta una vulnerabilidad de desbordamiento del búfer en la región heap de la memoria en la función get_l2len() que puede hacer que tcpprep se bloquee y cause una denegación de servicio Multiple vulnerabilities have been found in Tcpreplay, the worst of which could res... • https://github.com/appneta/tcpreplay/issues/617 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-24265 – Gentoo Linux Security Advisory 202105-21
https://notcve.org/view.php?id=CVE-2020-24265
19 Oct 2020 — An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service. Se detectó un problema en tcpreplay tcpprep versión v4.3.3. Se presenta una vulnerabilidad de desbordamiento del búfer de pila en la función MemcmpInterceptorCommon() que puede hacer que tcpprep se bloquee y cause una denegación de servicio Multiple vulnerabilities have been found in Tcpreplay, the worst of which could... • https://github.com/appneta/tcpreplay/issues/616 • CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 1%CPEs: 6EXPL: 0CVE-2020-15967 – chromium-browser: Use after free in payments
https://notcve.org/view.php?id=CVE-2020-15967
13 Oct 2020 — Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en payments en Google Chrome anterior a versión 86.0.4240.75, permitía a un atacante remoto realizar potencialmente un escape del sandbox por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.75. Issues addressed includ... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2020-15968 – chromium-browser: Use after free in Blink
https://notcve.org/view.php?id=CVE-2020-15968
13 Oct 2020 — Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Blink en Google Chrome anterior a versión 86.0.4240.75, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.75. Issues addressed include i... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 3%CPEs: 12EXPL: 0CVE-2020-15969 – chromium-browser: Use after free in WebRTC
https://notcve.org/view.php?id=CVE-2020-15969
13 Oct 2020 — Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en WebRTC en Google Chrome anterior a versión 86.0.4240.75, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada macOS Big Sur 11.1, Security Update 2020-001 Catalina, and Security Update 2020-007 Mojave address buffer overflow, bypass, code execution... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2020-15970 – chromium-browser: Use after free in NFC
https://notcve.org/view.php?id=CVE-2020-15970
13 Oct 2020 — Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en NFC en Google Chrome anterior a versión 86.0.4240.75, permitía a un atacante remoto que había comprometido el proceso del renderizador potencialmente realizar un escape del sandbox por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebK... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2020-15971 – chromium-browser: Use after free in printing
https://notcve.org/view.php?id=CVE-2020-15971
13 Oct 2020 — Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en printing en Google Chrome anterior a versión 86.0.4240.75, permitía a un atacante remoto que había comprometido el proceso del renderizador realizar potencialmente un escape del sandbox por medio de una página HTML diseñada Chromium is an open-source web browser, power... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-416: Use After Free •