CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 1CVE-2020-6392 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-6392
11 Feb 2020 — Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Una aplicación insuficiente de la política en extensions en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante que convenció a un usuario a instalar una extensión maliciosa para omitir las restricciones de navegación por medio de una Extensión de Chrome diseñada. ... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 0CVE-2020-6393 – chromium-browser: Insufficient policy enforcement in Blink
https://notcve.org/view.php?id=CVE-2020-6393
11 Feb 2020 — Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación insuficiente de la política en Blink en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto filtrar datos de origen cruzados por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues addressed include informat... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 1CVE-2020-6394 – chromium-browser: Insufficient policy enforcement in Blink
https://notcve.org/view.php?id=CVE-2020-6394
11 Feb 2020 — Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. Una aplicación insuficiente de la política en Blink en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto omitir la política de seguridad de contenido por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues addres... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html •
CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 0CVE-2020-6402 – chromium-browser: Insufficient policy enforcement in downloads
https://notcve.org/view.php?id=CVE-2020-6402
11 Feb 2020 — Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Una aplicación insuficiente de la política en downloads en Google Chrome sobre OS X versiones anteriores a 80.0.3987.87, permitió a un atacante que convenció a un usuario a instalar una extensión maliciosa para ejecutar código arbitrario por medio de una extensión de Chrome diseñada. Chr... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-20105 – yast2-rmt exposes CA private key passhrase in log-file
https://notcve.org/view.php?id=CVE-2018-20105
27 Jan 2020 — A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2. Una Inclusión de Información Confidencial en una vulnerabilidad de Archivos de Registro en yast2-rmt de SUSE Linux Enterprise Server versión 15; openSUSE Leap, permite a a... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-3693 – Local privilege escalation from user wwwrun to root in the packaging of mailman
https://notcve.org/view.php?id=CVE-2019-3693
24 Jan 2020 — A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.1... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00059.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2019-3692 – Local privilege escalation from user news to root in the packaging of inn
https://notcve.org/view.php?id=CVE-2019-3692
24 Jan 2020 — The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. El empaquetado de inn en SUSE Linux Enterprise Server versión 11; openSUSE Factory, Leap versión 15.1, permite a atacante... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00027.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 4%CPEs: 12EXPL: 1CVE-2020-7106 – Gentoo Linux Security Advisory 202003-40
https://notcve.org/view.php?id=CVE-2020-7106
16 Jan 2020 — Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). Cacti versión 1.2.8, tiene un vulnerabilidad de tipo XSS almacenado en los archivos data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php,... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 12%CPEs: 13EXPL: 0CVE-2019-19925 – sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive
https://notcve.org/view.php?id=CVE-2019-19925
24 Dec 2019 — zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. La función zipfileUpdate en el archivo ext/misc/zipfile.c en SQLite versión 3.30.1, maneja inapropiadamente un nombre de ruta NULL durante una actualización de un archivo ZIP. It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered t... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 13%CPEs: 13EXPL: 0CVE-2019-19923 – sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2019-19923
24 Dec 2019 — flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). La función flattenSubquery en el archivo select.c en SQLite versión 3.30.1 maneja inapropiadamente ciertos usos de SELECT DISTINCT que involucra una LEFT JOIN en la que el lado derecho es una vista. Esto puede causar una desreferencia del puntero NULL (o resultados incorrectos). It was discovere... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html • CWE-476: NULL Pointer Dereference •