CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2020-13112 – libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS
https://notcve.org/view.php?id=CVE-2020-13112
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. Se descubrió un problema en libexif versiones anteriores a la versión 0.6.22. Varias lecturas excesivas de buffer en el manejo de EXIF MakerNote podrían conllevar a una divulgación de información y a bloqueos. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-13112 https://bugzilla.redhat.com/show_bug.cgi?id=1840344 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13114 – libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time
https://notcve.org/view.php?id=CVE-2020-13114
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. Se descubrió un problema en el libexif versiones anteriores a la versión 0.6.22. Un tamaño sin restricciones en el manejo de los datos de Canon EXIF MakerNote podría conllevar al consumo de grandes cantidades de tiempo de cálculo para la decodificación de datos EXIF. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-13114 https://bugzilla.redhat.com/show_bug.cgi?id=1840350 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6491 – chromium-browser: Incorrect security UI in site information
https://notcve.org/view.php?id=CVE-2020-6491
Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. Una comprobación insuficiente de datos en site information en Google Chrome versiones anteriores a la versión 83.0.4103.61, permitió a un atacante remoto falsificar la Interfaz de Usuario de seguridad por medio de un nombre de dominio especialmente diseñado. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html https://crbug.com/1050011 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT https://security.g •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1CVE-2020-6489 – chromium-browser: Inappropriate implementation in developer tools
https://notcve.org/view.php?id=CVE-2020-6489
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page. Una implementación inapropiada en developer tools en Google Chrome versiones anteriores a la versión 83.0.4103.61, permitió a un atacante remoto que había convencido al usuario de tomar determinadas acciones en developer tools para obtener información potencialmente sensible del disco por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html https://crbug.com/1050756 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT https://security.g • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6490 – chromium-browser: Insufficient data validation in loader
https://notcve.org/view.php?id=CVE-2020-6490
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. Una comprobación insuficiente de datos en loader en Google Chrome versiones anteriores a la versión 83.0.4103.61, permitió a un atacante remoto que había sido capaz de escribir en el disco filtrar datos de tipo cross-origin por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html https://crbug.com/1035887 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT https://security.g • CWE-668: Exposure of Resource to Wrong Sphere •