Page 9 of 329 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. Una implementación inapropiada en Blink en Google Chrome anterior a versión 86.0.4240.75, permitía a un atacante remoto falsificar la UI de seguridad por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html https://crbug.com/1099276 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5P •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1

Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Una aplicación insuficiente de políticas en networking en Google Chrome anterior a versión 86.0.4240.75, permitía a un atacante remoto que había comprometido el proceso del renderizador omitir la misma política de origen por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html https://crbug.com/1110195 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5P •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en password manager en Google Chrome anterior a versión 86.0.4240.75, permitió a un atacante remoto que había comprometido el proceso del renderizador realizar potencialmente un escape del sandbox por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html https://crbug.com/1133688 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5P • CWE-416: Use After Free •

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. phpMyAdmin versiones anteriores a 4.9.6 y versiones 5.x anteriores a 5.0.3, permite un ataque de tipo XSS por medio de la funcionalidad de transformación mediante un enlace diseñado • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO https://lists.fedoraproject.org/archives/list/package-announce%40lists&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 1

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. Se detectó un problema en SearchController en phpMyAdmin versiones anteriores a 4.9.6 y versiones 5.x anteriores a 5.0.3. Se detectó una vulnerabilidad de inyección SQL en cómo phpMyAdmin procesa las sentencias SQL en la funcionalidad de búsqueda. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html https://advisory.checkmarx.net/advisory/CX-2020-4281 https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO https:/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •