CVE-2020-6424 – chromium-browser: Use after free in media
https://notcve.org/view.php?id=CVE-2020-6424
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html
• https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
• https://crbug.com/1031142
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57
• https://lists.fedo
• CWE-416: Use After Free
CVE-2020-6422 – chromium-browser: Use after free in WebGL
https://notcve.org/view.php?id=CVE-2020-6422
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html
• https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
• https://crbug.com/1051748
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57
• https://lists.fedo
• CWE-787: Out-of-bounds Write
CVE-2019-14855
https://notcve.org/view.php?id=CVE-2019-14855
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855
• https://dev.gnupg.org/T4755
• https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html
• https://rwc.iacr.org/2020/slides/Leurent.pdf
• https://usn.ubuntu.com/4516-1
• CWE-326: Inadequate Encryption Strength
CVE-2020-6449 – chromium-browser: Use after free in audio
https://notcve.org/view.php?id=CVE-2020-6449
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html
• http://packetstormsecurity.com/files/172843/Chrome-WebAudio-Use-After-Free.html
• https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
• https://crbug.com/1059686
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI
• https://lists.fedoraproject.org/archives/list/package-a
• CWE-416: Use After Free
CVE-2020-10675
https://notcve.org/view.php?id=CVE-2020-10675
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
• https://github.com/buger/jsonparser/issues/188
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')