Page 5 of 40 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0

CVE-2020-6398 – chromium-browser: Uninitialized use in PDFium

https://notcve.org/view.php?id=CVE-2020-6398

Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Un uso de datos no inicializados en PDFium en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de un archivo PDF diseñado. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html https://crbug.com/1032090 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-908: Use of Uninitialized Resource •

CVSS: 8.8EPSS: 6%CPEs: 11EXPL: 1

CVE-2020-6390 – chromium-browser: Out of bounds memory access in streams

https://notcve.org/view.php?id=CVE-2020-6390

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un acceso a la memoria fuera de límites en streams en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chrome suffers from an out-of-bounds access vulnerability in ReadableStream::Close. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html http://packetstormsecurity.com/files/157419/Chrome-ReadableStream-Close-Out-Of-Bounds-Access.html https://access.redhat.com/errata/RHSA-2020:0514 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html https://crbug.com/1045874 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMA • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0

CVE-2020-6402 – chromium-browser: Insufficient policy enforcement in downloads

https://notcve.org/view.php?id=CVE-2020-6402

Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Una aplicación insuficiente de la política en downloads en Google Chrome sobre OS X versiones anteriores a 80.0.3987.87, permitió a un atacante que convenció a un usuario a instalar una extensión maliciosa para ejecutar código arbitrario por medio de una extensión de Chrome diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html https://crbug.com/1029375 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1

CVE-2019-15623

https://notcve.org/view.php?id=CVE-2019-15623

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. Una exposición de información privada en Nextcloud Server versión 16.0.1, causa que el servidor envíe su dominio e ID de usuario hacia el Nextcloud Lookup Server sin más datos cuando el servidor Lookup está deshabilitado. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html https://hackerone.com/reports/508490 https://nextcloud.com/security/advisory/?id=NC-SA-2019-016 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 1%CPEs: 12EXPL: 1

CVE-2020-7106

https://notcve.org/view.php?id=CVE-2020-7106

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). Cacti versión 1.2.8, tiene un vulnerabilidad de tipo XSS almacenado en los archivos data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, y user_group_admin.php, como es demostrado por el parámetro description en el archivo data_sources.php (una cadena sin procesar desde la base de datos que se despliega con $header para activar un ataque de tipo XSS). • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00032.html https://github.com/Cacti/cacti/issues/3191 https://lists.debian.org/debian-lts-announce/2020/01/msg00014.html https://lists • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •