CVSS: 9.6EPSS: 1%CPEs: 9EXPL: 1CVE-2020-15963 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-15963
21 Sep 2020 — Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Una aplicación insuficiente de la política en extensions en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa llevar a cabo potencialmente un escape del sandbox por medio de una Chrome Extensi... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html •
CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 1CVE-2020-15960 – chromium-browser: Out of bounds read in storage
https://notcve.org/view.php?id=CVE-2020-15960
21 Sep 2020 — Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Un desbordamiento del búfer de la pila en storage en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante remoto llevar a cabo potencialmente un acceso a la memoria fuera de límites por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to vers... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html • CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 1%CPEs: 9EXPL: 1CVE-2020-15961 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-15961
21 Sep 2020 — Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Una comprobación insuficiente de la política en extensions en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa llevar a cabo potencialmente un escape del sandbox por medio de una Chrome Extens... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-0432
https://notcve.org/view.php?id=CVE-2020-0432
17 Sep 2020 — In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807 En la función skb_to_mamac del archivo networking.c, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a una escalada de privilegios lo... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-0431 – kernel: possible out of bounds write in kbd_keycode of keyboard.c
https://notcve.org/view.php?id=CVE-2020-0431
17 Sep 2020 — In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459 En la función kbd_keycode del archivo keyboard.c, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una escalada de privilegi... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html • CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20919 – Ubuntu Security Notice USN-4534-1
https://notcve.org/view.php?id=CVE-2019-20919
17 Sep 2020 — An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. Se detectó un problema en el módulo DBI versiones anteriores a 1.643 para Perl. La documentación de la función hv_fetch() requiere comprobación para NULL y el código lo hace. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-0427 – kernel: out-of-bounds reads in pinctrl subsystem.
https://notcve.org/view.php?id=CVE-2020-0427
17 Sep 2020 — In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 En la función create_pinctrl del archivo core.c, se presenta una posible lectura fuera de límites debido a un uso de la memoria previamente liberada. Esto podría conllevar a una divulgación de información l... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25040
https://notcve.org/view.php?id=CVE-2020-25040
16 Sep 2020 — Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. Sylabs Singularity versiones hasta 3.6.2, presenta permisos no seguros en directorios temporales utilizados en operaciones de compilación de contenedores explícitas e implícitas, una vulnerabilidad diferente a CVE-2020-25039 • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25039
https://notcve.org/view.php?id=CVE-2020-25039
16 Sep 2020 — Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. Sylabs Singularity versiones 3.2.0 hasta 3.6.2, presenta permisos no seguros en directorios temporales usados en fakeroot o en la ejecución del contenedor de espacio de nombres de usuario • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-14392 – Ubuntu Security Notice USN-4503-1
https://notcve.org/view.php?id=CVE-2020-14392
14 Sep 2020 — An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. Se encontró un fallo de desreferencia del puntero no confiable en Perl-DBI versiones anteriores a 1.643. Un atacante local que es capaz de manipular llamadas a la función dbd_db_login6_sv() podría causar una corrupción de la memoria, afectando la disponibilidad del servicio Multiple vulnerabilities hav... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •