RSS   Vulnerabilities for 'Backports sle'   RSS

2020-11-03
 
CVE-2020-16008

CWE-787
 

 
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.

 
 
CVE-2020-16007

CWE-20
 

 
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

 
 
CVE-2020-15989

CWE-665
 

 
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

 
 
CVE-2020-15987

CWE-416
 

 
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.

 
 
CVE-2020-15980

NVD-CWE-noinfo
 

 
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.

 
 
CVE-2020-15973

NVD-CWE-noinfo
 

 
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.

 
 
CVE-2020-15972

CWE-416
 

 
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

 
 
CVE-2020-15971

CWE-416
 

 
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

 
 
CVE-2020-15969

CWE-416
 

 
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

 
 
CVE-2020-15968

CWE-416
 

 
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

 


Copyright 2022, cxsecurity.com

 

Back to Top