CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 1CVE-2020-8027 – openldap uses fixed paths in /tmp
https://notcve.org/view.php?id=CVE-2020-8027
11 Feb 2021 — A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp... • https://bugzilla.suse.com/show_bug.cgi?id=1175568 • CWE-377: Insecure Temporary File •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-28049 – Gentoo Linux Security Advisory 202402-02
https://notcve.org/view.php?id=CVE-2020-28049
04 Nov 2020 — An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. Se detectó un problema en SDDM versiones anteriores a 0.19.0. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00031.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.6EPSS: 1%CPEs: 7EXPL: 1CVE-2020-16011 – Debian Security Advisory 4824-1
https://notcve.org/view.php?id=CVE-2020-16011
03 Nov 2020 — Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento del búfer de la pila en UI de Google Chrome en Windows anterior a versión 86.0.4240.183, permitía a un atacante remoto que había comprometido el proceso del renderizador realizar potencialmente un escape del sandbox por medio de una página HTML diseñada Multiple security issues were ... • https://packetstorm.news/files/id/159975 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 82%CPEs: 11EXPL: 2CVE-2020-16009 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2020-16009
03 Nov 2020 — Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada en V8 en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Issues addressed include b... • https://packetstorm.news/files/id/159974 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-16007 – Debian Security Advisory 4824-1
https://notcve.org/view.php?id=CVE-2020-16007
03 Nov 2020 — Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. Una comprobación de datos insuficiente en installer en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante local elevar potencialmente los privilegios por medio de un sistema de archivos diseñado Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2020-16008 – chromium-browser: Stack buffer overflow in WebRTC
https://notcve.org/view.php?id=CVE-2020-16008
03 Nov 2020 — Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. Un desbordamiento del búfer de la pila en WebRTC en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de un paquete WebRTC diseñado Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Issues add... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2020-16004 – chromium-browser: Use after free in user interface
https://notcve.org/view.php?id=CVE-2020-16004
03 Nov 2020 — Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en UI de Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Issues addressed ... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2020-16005 – chromium-browser: Insufficient policy enforcement in ANGLE
https://notcve.org/view.php?id=CVE-2020-16005
03 Nov 2020 — Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una aplicación de políticas insuficiente en ANGLE en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Issues ... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-755: Improper Handling of Exceptional Conditions CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2020-16006 – chromium-browser: Inappropriate implementation in V8
https://notcve.org/view.php?id=CVE-2020-16006
03 Nov 2020 — Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada en V8 en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Issues addressed include b... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14323 – samba: Unprivileged user can crash winbind
https://notcve.org/view.php?id=CVE-2020-14323
29 Oct 2020 — A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. Se encontró uno fallo de desreferencia del puntero null en el servicio Winbind de samba en versiones anteriores a 4.11.15, 4.12.9 y 4.13.1. Un usuario local podría utilizar este fallo para bloquear el servicio winbind causando una denegación de servicio A null pointer dereference flaw wa... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html • CWE-170: Improper Null Termination CWE-476: NULL Pointer Dereference •