Monthly Archive: May 2020

Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Date published...

Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML...

Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Date published : 2020-05-20 https://www.debian.org/security/2020/dsa-4714 https://security.gentoo.org/glsa/202005-13

Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Date published : 2020-05-20 https://www.debian.org/security/2020/dsa-4714 https://www.debian.org/security/2020/dsa-4736

Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Date...

Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Date published...

Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. Date published : 2020-05-20 https://www.debian.org/security/2020/dsa-4714 https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html

Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Date published : 2020-05-20 https://www.debian.org/security/2020/dsa-4714 https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html

Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Date published : 2020-05-20 https://www.debian.org/security/2020/dsa-4714 https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html

Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Date published : 2020-05-20 https://www.debian.org/security/2020/dsa-4714 https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim’s Signal phone and disclose currently used DNS server due to ICE Candidate handling before...

SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. Date published : 2020-05-20 https://jvn.jp/en/jp/JVN20248858/index.html https://www.paidmembershipspro.com/pmpro-update-2-3-3-security-release/

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support...

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of...