Page 82 of 914 results (0.066 seconds)

CVSS: 8.8EPSS: 80%CPEs: 11EXPL: 1

CVE-2020-16009 – Google Chromium V8 Type Confusion Vulnerability

https://notcve.org/view.php?id=CVE-2020-16009

Una implementación inapropiada en V8 en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Turbofan fails to deoptimize code after map deprecation, leading to a type confusion vulnerability. Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html http://packetstormsecurity.com/files/159974/Chrome-V8-Turbofan-Type-Confusion.html https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html https://crbug.com/1143772 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW https://lists.fedoraproject.org/archives/list/package • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-14884 – Oracle VirtualBox Shader Bytecode Type Confusion Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2020-14884

The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. • https://security.gentoo.org/glsa/202101-15 https://www.oracle.com/security-alerts/cpuoct2020.html https://www.zerodayinitiative.com/advisories/ZDI-20-1279 •

CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 2

CVE-2020-12351 – Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution

https://notcve.org/view.php?id=CVE-2020-12351

Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Una comprobación de entrada incorrecta en BlueZ puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso adyacente A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channel Identifier). This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://www.exploit-db.com/exploits/49754 http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351 https://access.redhat.com/security/cve/CVE-2020-12351 https://bugzilla.redhat.com/show_bug.cgi?id=1886521 https://access.redhat.com/security/vulnerabilities/BleedingTooth • CWE-20: Improper Input Validation CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-13341

https://notcve.org/view.php?id=CVE-2020-13341

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions. Se ha detectado un problema en GitLab afectando a todas las versiones anteriores a 13.2.10, 13.3.7 y 13.4.2. Una comprobación insuficiente de permisos permite a un atacante con rol de desarrollador llevar a cabo varias eliminaciones • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13341.json https://gitlab.com/gitlab-org/gitlab/-/issues/239348 https://hackerone.com/reports/960244 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2020-15965 – chromium-browser: Out of bounds write in V8

https://notcve.org/view.php?id=CVE-2020-15965

Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Una confusión de tipo en V8 en Google Chrome versiones anteriores a 85.0.4183.121, permitía a un atacante remoto llevar a cabo potencialmente un acceso a la memoria fuera de límites por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00095.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html https://crbug.com/1126249 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZI • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •