CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 1CVE-2020-6571 – chromium-browser: Incorrect security UI in Omnibox
https://notcve.org/view.php?id=CVE-2020-6571
27 Aug 2020 — Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Una comprobación insuficiente de datos en Omnibox en Google Chrome versiones anteriores a 85.0.4183.83, permitía a un atacante remoto llevar a cabo una suplantación de dominio por medio de homógrafos de IDN mediante un nombre de dominio diseñado Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 6%CPEs: 9EXPL: 0CVE-2020-24614 – Gentoo Linux Security Advisory 202011-04
https://notcve.org/view.php?id=CVE-2020-24614
25 Aug 2020 — Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. Fossil versiones anteriores a 2.10.2, versiones 2.11.x anteriores a 2.11.2 y versiones 2.12.x anteriores a 2.12.1, permite a usuarios autenticados remotos ejecutar código arbitrario. Un atacante debe tener privilegios de registro en el repositorio Multiple vulnerabilities have been found in Fossil, the worst of which co... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00065.html • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 8%CPEs: 16EXPL: 0CVE-2020-8233
https://notcve.org/view.php?id=CVE-2020-8233
17 Aug 2020 — A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. Se presenta una vulnerabilidad de inyección de comandos en el firmware de EdgeSwitch versiones anteriores a v1.9.0, que permitía a un usuario autenticado de solo lectura ejecutar comandos de shell arbitrarios por medio de la interfaz HTTP, permitiéndoles escalar privilegios. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2020-8026 – inn: non-root owned files
https://notcve.org/view.php?id=CVE-2020-8026
07 Aug 2020 — A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions. Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paque... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00063.html • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2020-17353 – Debian Security Advisory 4745-1
https://notcve.org/view.php?id=CVE-2020-17353
05 Aug 2020 — scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. El archivo scm/define-stencil-command.scm en LilyPond versiones hasta 2.20.0 y versiones 2.21.x hasta 2.21.4, cuando -dsafe es usada, carece de restricciones en embedded-ps y embedded-svg, como es demostrado al incluir código PostScript peligroso Faidon Liambotis discovered that Lilypond, a prog... • http://git.savannah.gnu.org/gitweb/?p=lilypond.git%3Ba=commit%3Bh=b84ea4740f3279516905c5db05f4074e777c16ff •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-16118
https://notcve.org/view.php?id=CVE-2020-16118
29 Jul 2020 — In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. En GNOME Balsa versiones anteriores a 2.6.0, un operador de servidor malicioso o un man in the middle puede desencadenar una desreferencia del puntero NULL y un bloqueo del cliente mediante el envío de una respuesta PREAUTH hacia la función imap_mbox_connect en la biblioteca libbalsa/imap/imap-... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00035.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2020-15917 – Gentoo Linux Security Advisory 202007-56
https://notcve.org/view.php?id=CVE-2020-15917
23 Jul 2020 — common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. El archivo common/session.c en Claws Mail versiones anteriores a 3.17.6, presenta una violación de protocolo porque los datos del sufijo después de STARTTLS son manejados inapropiadamente A vulnerability was discovered in Claws Mail's STARTTLS handling, possibly allowing an integrity/confidentiality compromise. Versions less than 3.17.6 are affected. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6535 – chromium-browser: Insufficient data validation in WebUI
https://notcve.org/view.php?id=CVE-2020-6535
22 Jul 2020 — Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page. Una comprobación de datos insuficiente en WebUI en Google Chrome versiones anteriores a 84.0.4147.89, permitió a un atacante remoto que había comprometido el proceso del renderizador inyectar scripts o HTML hacia una página privilegiada por medio de una página HTML diseñada Chromium is an open... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 8EXPL: 0CVE-2020-6536 – chromium-browser: Incorrect security UI in PWAs
https://notcve.org/view.php?id=CVE-2020-6536
22 Jul 2020 — Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA. Una Interfaz de Usuario de seguridad incorrecta en PWA en Google Chrome versiones anteriores a 84.0.4147.89, permitió a un atacante remoto que había persuadido al usuario, instalar una PWA para falsificar el contenido del Omnibox (barra URL) por medio de una PWA diseñada Chromium is an open-source web brow... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html •
CVSS: 4.3EPSS: 1%CPEs: 7EXPL: 0CVE-2020-6531 – chromium-browser: Side-channel information leakage in scroll to text
https://notcve.org/view.php?id=CVE-2020-6531
22 Jul 2020 — Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Un filtrado de información de canal lateral en scroll to text en Google Chrome versiones anteriores a 84.0.4147.89, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 84.0.4147.105. Issues address... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html • CWE-203: Observable Discrepancy •