Professional OVAL Repository
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:251992
Version
1
Class
patch
ALTXid
482764
Language
Russian
Severity
Critical
Title
PHSA-2023-3.0-0602 -- Photon OS security update for nodejs
Description
Updates of nodejs packages of Photon OS have been released.
Family
unix
Platform
VMware Photon OS 3.0
Product
nodejs
Reference
VENDOR: PHSA-2023-3.0-0602
Id:
PHSA-2023-3.0-0602
Reference:
https://github.com/vmware/photon/wiki/Security-Update-3.0-602
CVE: CVE-2019-5866
Id:
CVE-2019-5866
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5866
Comment
: Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop.html ()
https://crbug.com/978382 ()
CVE: CVE-2018-17465
Id:
CVE-2018-17465
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17465
Comment
: Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
DSA-4330 ()
https://crbug.com/870226 ()
RHSA-2018:3004 ()
GLSA-201811-10 ()
https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html ()
105666 ()
CVE: CVE-2019-13728
Id:
CVE-2019-13728
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13728
Comment
: Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1024758 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2021-30598
Id:
CVE-2021-30598
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30598
Comment
: Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1234764 (MISC)
FEDORA-2021-78b9d84299 ()
FEDORA-2021-6225d60814 ()
FEDORA-2021-02b301441f ()
CVE: CVE-2021-30517
Id:
CVE-2021-30517
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30517
Comment
: Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1203122 (MISC)
GLSA-202107-06 (GENTOO)
FEDORA-2021-f94dadff78 ()
FEDORA-2021-ca58c57bdf ()
CVE: CVE-2021-4061
Id:
CVE-2021-4061
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4061
Comment
: Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1271456 (MISC)
DSA-5046 (DEBIAN)
GLSA-202208-25 (GENTOO)
FEDORA-2021-6a292e2cf4 ()
CVE: CVE-2020-6434
Id:
CVE-2020-6434
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6434
Comment
: Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html (MISC)
https://crbug.com/1048555 (MISC)
openSUSE-SU-2020:0519 (SUSE)
openSUSE-SU-2020:0540 (SUSE)
DSA-4714 (DEBIAN)
FEDORA-2020-b82a634e27 ()
FEDORA-2020-0e7f1b663b ()
FEDORA-2020-da49fbb17c ()
CVE: CVE-2021-38007
Id:
CVE-2021-38007
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38007
Comment
: Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1254189 (MISC)
DSA-5046 (DEBIAN)
FEDORA-2021-6a292e2cf4 ()
CVE: CVE-2021-21220
Id:
CVE-2021-21220
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21220
Comment
: Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/1196683 (MISC)
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html (MISC)
GLSA-202104-08 (GENTOO)
http://packetstormsecurity.com/files/162437/Google-Chrome-XOR-Typer-Out-Of-Bounds-Access-Remote-Code-Execution.html (MISC)
FEDORA-2021-c3754414e7 ()
FEDORA-2021-ff893e12c5 ()
FEDORA-2021-35d2bb4627 ()
http://packetstormsecurity.com/files/176210/Chrome-V8-JIT-XOR-Arbitrary-Code-Execution.html ()
CVE: CVE-2018-17458
Id:
CVE-2018-17458
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17458
Comment
: An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
129 (Improper Validation of Array Index)
References:
https://crbug.com/875322 ()
https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html ()
RHSA-2018:2818 ()
CVE: CVE-2021-30541
Id:
CVE-2021-30541
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30541
Comment
: Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://crbug.com/1214842 (MISC)
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html (MISC)
CVE: CVE-2020-6507
Id:
CVE-2020-6507
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6507
Comment
: Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
20 (Improper Input Validation)
References:
https://crbug.com/1086890 (MISC)
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html (MISC)
GLSA-202007-08 (GENTOO)
http://packetstormsecurity.com/files/162088/Google-Chrome-81.0.4044-V8-Remote-Code-Execution.html (MISC)
http://packetstormsecurity.com/files/162105/Google-Chrome-81.0.4044-V8-Remote-Code-Execution.html (MISC)
CVE: CVE-2020-6379
Id:
CVE-2020-6379
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6379
Comment
: Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html (MISC)
https://crbug.com/1033407 (MISC)
GLSA-202003-08 (GENTOO)
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6418
Id:
CVE-2020-6418
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418
Comment
: Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://crbug.com/1053604 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html (MISC)
http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html (MISC)
RHSA-2020:0738 (REDHAT)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2021-37975
Id:
CVE-2021-37975
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37975
Comment
: Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html (MISC)
https://crbug.com/1252918 (MISC)
DSA-5046 (DEBIAN)
http://packetstormsecurity.com/files/172847/Chrome-V8-Logic-Bug-Use-After-Free.html (MISC)
FEDORA-2021-116eff380f ()
FEDORA-2021-5ffabdc080 ()
FEDORA-2021-5093f11905 ()
CVE: CVE-2018-16065
Id:
CVE-2018-16065
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16065
Comment
: A JavaScript reentrancy issue that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
105215 ()
DSA-4289 ()
RHSA-2018:2666 ()
https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html ()
GLSA-201811-10 ()
https://crbug.com/867776 ()
CVE: CVE-2020-6415
Id:
CVE-2020-6415
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415
Comment
: Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/1029576 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6447
Id:
CVE-2020-6447
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6447
Comment
: Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://crbug.com/991217 (MISC)
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html (MISC)
openSUSE-SU-2020:0519 (SUSE)
openSUSE-SU-2020:0540 (SUSE)
DSA-4714 (DEBIAN)
FEDORA-2020-b82a634e27 ()
FEDORA-2020-0e7f1b663b ()
FEDORA-2020-da49fbb17c ()
CVE: CVE-2021-30551
Id:
CVE-2021-30551
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30551
Comment
: Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1216437 (MISC)
GLSA-202107-06 (GENTOO)
GLSA-202208-25 (GENTOO)
FEDORA-2021-f94dadff78 ()
FEDORA-2021-ca58c57bdf ()
CVE: CVE-2019-13735
Id:
CVE-2019-13735
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13735
Comment
: Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1025468 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2020-6512
Id:
CVE-2020-6512
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6512
Comment
: Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1084820 (MISC)
openSUSE-SU-2020:1061 (SUSE)
GLSA-202007-08 (GENTOO)
openSUSE-SU-2020:1148 (SUSE)
openSUSE-SU-2020:1172 (SUSE)
openSUSE-SU-2020:1048 (SUSE)
DSA-4824 (DEBIAN)
GLSA-202101-30 (GENTOO)
FEDORA-2020-bf684961d9 ()
FEDORA-2020-84d87cbd50 ()
CVE: CVE-2020-6419
Id:
CVE-2020-6419
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6419
Comment
: Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html (MISC)
https://crbug.com/1040325 (MISC)
CVE: CVE-2019-5843
Id:
CVE-2019-5843
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843
Comment
: Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html ()
https://crbug.com/939316 ()
CVE: CVE-2020-15979
Id:
CVE-2020-15979
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15979
Comment
: Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1127319 (MISC)
openSUSE-SU-2020:1829 (SUSE)
DSA-4824 (DEBIAN)
GLSA-202101-30 (GENTOO)
FEDORA-2020-127d40f1ab ()
FEDORA-2020-8aca25b5c8 ()
FEDORA-2020-4e8e48da22 ()
CVE: CVE-2020-6468
Id:
CVE-2020-6468
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6468
Comment
: Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html (MISC)
https://crbug.com/1076708 (MISC)
GLSA-202006-02 (GENTOO)
openSUSE-SU-2020:0823 (SUSE)
openSUSE-SU-2020:0832 (SUSE)
DSA-4714 (DEBIAN)
FEDORA-2020-08561721ad ()
FEDORA-2020-77f89ab772 ()
CVE: CVE-2020-6453
Id:
CVE-2020-6453
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6453
Comment
: Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html (MISC)
https://crbug.com/1065094 (MISC)
CVE: CVE-2020-6533
Id:
CVE-2020-6533
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6533
Comment
: Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1069964 (MISC)
openSUSE-SU-2020:1061 (SUSE)
GLSA-202007-08 (GENTOO)
openSUSE-SU-2020:1148 (SUSE)
openSUSE-SU-2020:1172 (SUSE)
openSUSE-SU-2020:1048 (SUSE)
DSA-4824 (DEBIAN)
GLSA-202101-30 (GENTOO)
FEDORA-2020-bf684961d9 ()
FEDORA-2020-84d87cbd50 ()
CVE: CVE-2020-6381
Id:
CVE-2020-6381
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381
Comment
: Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://crbug.com/1034394 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2019-5807
Id:
CVE-2019-5807
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807
Comment
: Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html ()
https://crbug.com/945644 ()
openSUSE-SU-2019:1666 ()
FEDORA-2019-8fb8240d14 ()
FEDORA-2019-a1af621faf ()
DSA-4500 ()
20190813 [SECURITY] [DSA 4500-1] chromium security update ()
GLSA-201908-18 ()
CVE: CVE-2020-6448
Id:
CVE-2020-6448
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6448
Comment
: Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html (MISC)
https://crbug.com/1037872 (MISC)
openSUSE-SU-2020:0519 (SUSE)
openSUSE-SU-2020:0540 (SUSE)
DSA-4714 (DEBIAN)
FEDORA-2020-b82a634e27 ()
FEDORA-2020-0e7f1b663b ()
FEDORA-2020-da49fbb17c ()
CVE: CVE-2020-6383
Id:
CVE-2020-6383
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6383
Comment
: Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html (MISC)
https://crbug.com/1051017 (MISC)
RHSA-2020:0738 (REDHAT)
DSA-4638 (DEBIAN)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6382
Id:
CVE-2020-6382
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382
Comment
: Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1031909 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2021-30513
Id:
CVE-2021-30513
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30513
Comment
: Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1200490 (MISC)
GLSA-202107-06 (GENTOO)
FEDORA-2021-f94dadff78 ()
FEDORA-2021-ca58c57bdf ()
CVE: CVE-2019-5813
Id:
CVE-2019-5813
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813
Comment
: Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html ()
https://crbug.com/942699 ()
openSUSE-SU-2019:1666 ()
FEDORA-2019-8fb8240d14 ()
FEDORA-2019-a1af621faf ()
DSA-4500 ()
20190813 [SECURITY] [DSA 4500-1] chromium security update ()
GLSA-201908-18 ()
CVE: CVE-2019-13698
Id:
CVE-2019-13698
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698
Comment
: Out of bounds memory access in JavaScript in Google Chrome prior to 73.0.3683.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/944971 ()
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop.html ()
CVE: CVE-2019-13696
Id:
CVE-2019-13696
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13696
Comment
: Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html ()
https://crbug.com/1000635 ()
CVE: CVE-2021-21231
Id:
CVE-2021-21231
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21231
Comment
: Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/1198696 (MISC)
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html (MISC)
GLSA-202104-08 (GENTOO)
DSA-4911 (DEBIAN)
FEDORA-2021-c3754414e7 ()
FEDORA-2021-ff893e12c5 ()
FEDORA-2021-35d2bb4627 ()
CVE: CVE-2021-21230
Id:
CVE-2021-21230
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21230
Comment
: Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html (MISC)
https://crbug.com/1198705 (MISC)
GLSA-202104-08 (GENTOO)
DSA-4911 (DEBIAN)
FEDORA-2021-c3754414e7 ()
FEDORA-2021-ff893e12c5 ()
FEDORA-2021-35d2bb4627 ()
CVE: CVE-2020-6518
Id:
CVE-2020-6518
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6518
Comment
: Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/986051 (MISC)
openSUSE-SU-2020:1061 (SUSE)
GLSA-202007-08 (GENTOO)
openSUSE-SU-2020:1148 (SUSE)
openSUSE-SU-2020:1172 (SUSE)
openSUSE-SU-2020:1048 (SUSE)
DSA-4824 (DEBIAN)
GLSA-202101-30 (GENTOO)
FEDORA-2020-bf684961d9 ()
FEDORA-2020-84d87cbd50 ()
CVE: CVE-2020-6537
Id:
CVE-2020-6537
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6537
Comment
: Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html (MISC)
https://crbug.com/1105318 (MISC)
DSA-4824 (DEBIAN)
FEDORA-2020-6da740d38c ()
CVE: CVE-2020-6430
Id:
CVE-2020-6430
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6430
Comment
: Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://crbug.com/1031479 (MISC)
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html (MISC)
openSUSE-SU-2020:0519 (SUSE)
openSUSE-SU-2020:0540 (SUSE)
DSA-4714 (DEBIAN)
FEDORA-2020-b82a634e27 ()
FEDORA-2020-0e7f1b663b ()
FEDORA-2020-da49fbb17c ()
CVE: CVE-2021-21227
Id:
CVE-2021-21227
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21227
Comment
: Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/1199345 (MISC)
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html (MISC)
GLSA-202104-08 (GENTOO)
DSA-4911 (DEBIAN)
FEDORA-2021-c3754414e7 ()
FEDORA-2021-ff893e12c5 ()
FEDORA-2021-35d2bb4627 ()
CVE: CVE-2019-5841
Id:
CVE-2019-5841
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841
Comment
: Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html ()
https://crbug.com/969588 ()
CVE: CVE-2021-30599
Id:
CVE-2021-30599
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30599
Comment
: Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://crbug.com/1234770 (MISC)
https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html (MISC)
FEDORA-2021-78b9d84299 ()
FEDORA-2021-6225d60814 ()
FEDORA-2021-02b301441f ()
CVE: CVE-2019-13764
Id:
CVE-2019-13764
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13764
Comment
: Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1028863 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-13730
Id:
CVE-2019-13730
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13730
Comment
: Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1028862 (MISC)
RHSA-2019:4238 (REDHAT)
openSUSE-SU-2019:2692 (SUSE)
openSUSE-SU-2019:2694 (SUSE)
20200120 [SECURITY] [DSA 4606-1] chromium security update (BUGTRAQ)
DSA-4606 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2019-1a10c04281 ()
FEDORA-2020-4355ea258e ()
CVE: CVE-2019-5831
Id:
CVE-2019-5831
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831
Comment
: Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html ()
https://crbug.com/950328 ()
openSUSE-SU-2019:1666 ()
FEDORA-2019-8fb8240d14 ()
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791 ()
FEDORA-2019-a1af621faf ()
DSA-4500 ()
20190813 [SECURITY] [DSA 4500-1] chromium security update ()
GLSA-201908-18 ()
FEDORA-2019-e5ff5d0ffd ()
CVE: CVE-2021-21169
Id:
CVE-2021-21169
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21169
Comment
: Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1166138 (MISC)
DSA-4886 (DEBIAN)
GLSA-202104-08 (GENTOO)
FEDORA-2021-c88a96bd4b ()
FEDORA-2021-4740239e28 ()
FEDORA-2021-78547312f2 ()
CVE: CVE-2019-5847
Id:
CVE-2019-5847
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847
Comment
: Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/972921 ()
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop.html ()
CVE: CVE-2019-13670
Id:
CVE-2019-13670
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13670
Comment
: Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/980891 ()
CVE: CVE-2020-16042
Id:
CVE-2020-16042
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042
Comment
: Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
908 ()
References:
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1151890 (MISC)
CVE: CVE-2020-16040
Id:
CVE-2020-16040
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16040
Comment
: Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
20 (Improper Input Validation)
References:
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1150649 (MISC)
http://packetstormsecurity.com/files/162087/Google-Chrome-86.0.4240-V8-Remote-Code-Execution.html (MISC)
http://packetstormsecurity.com/files/162106/Google-Chrome-86.0.4240-V8-Remote-Code-Execution.html (MISC)
http://packetstormsecurity.com/files/162144/Google-Chrome-SimplfiedLowering-Integer-Overflow.html (MISC)
CVE: CVE-2020-6395
Id:
CVE-2020-6395
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395
Comment
: Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://crbug.com/1022855 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2019-5825
Id:
CVE-2019-5825
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825
Comment
: Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/941743 (MISC)
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html (MISC)
http://packetstormsecurity.com/files/156641/Google-Chrome-72-73-Array.map-Corruption.html (MISC)
CVE: CVE-2023-0466
Id:
CVE-2023-0466
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
Comment
: The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.
CVSSv3 Score:
5.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE:
295 (Certificate Issues)
References:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72 (MISC)
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908 (MISC)
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061 (MISC)
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a (MISC)
https://www.openssl.org/news/secadv/20230328.txt (MISC)
https://security.netapp.com/advisory/ntap-20230414-0001/ (MISC)
https://www.debian.org/security/2023/dsa-5417 (MISC)
https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html (MISC)
http://www.openwall.com/lists/oss-security/2023/09/28/4 (MISC)
https://security.gentoo.org/glsa/202402-08 ()
CVE: CVE-2019-5784
Id:
CVE-2019-5784
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5784
Comment
: Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/915975 ()
https://chromereleases.googleblog.com/2019/02/stable-channel-update-for-desktop.html ()
ovaldb@altx-soft.com