» 2020 » 11월

CVE-2020-15984

Posted on 2020년 11월 3일2020년 11월 3일 by admin

CVE-2020-15984

Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.

Source: CVE-2020-15984

CVE-2020-15971

Posted on 2020년 11월 3일2020년 11월 3일 by admin

CVE-2020-15971

Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Source: CVE-2020-15971

CVE-2020-15970

Posted on 2020년 11월 3일2020년 11월 3일 by admin

CVE-2020-15970

Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Source: CVE-2020-15970

CVE-2020-15969

Posted on 2020년 11월 3일2020년 11월 3일 by admin

CVE-2020-15969

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Source: CVE-2020-15969

CVE-2020-15968

Posted on 2020년 11월 3일2020년 11월 3일 by admin

CVE-2020-15968

Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Source: CVE-2020-15968

CVE-2020-15967

Posted on 2020년 11월 3일2020년 11월 3일 by admin

CVE-2020-15967

Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Source: CVE-2020-15967

CVE-2020-9861

Posted on 2020년 11월 3일2020년 11월 3일 by admin

CVE-2020-9861

A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input.

Source: CVE-2020-9861

CVE-2020-23868

Posted on 2020년 11월 3일2020년 11월 3일 by admin

CVE-2020-23868

NeDi 1.9C allows inc/rt-popup.php d XSS.

Source: CVE-2020-23868

CVE-2020-26939

Posted on 2020년 11월 3일2020년 11월 3일 by admin

CVE-2020-26939

In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.

Source: CVE-2020-26939

CVE-2020-7757

Posted on 2020년 11월 3일2020년 11월 3일 by admin

CVE-2020-7757

This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server.

Source: CVE-2020-7757