5963 matches found
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2020:1206-1 Rating: important References: 1174497 1175044 1175085 Cross-References: CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550...
Information Disclosure
django-celery-results is vulnerable to information disclosure. The vulnerability exists because it stores the results of a Celery task in the database in plaintext without any sanitization...
Google Chrome Security Update (stable-channel-update-for-desktop-2020-08) - Windows
Google Chrome is prone to multiple vulnerabilities.
Google Chrome Security Update (stable-channel-update-for-desktop-2020-08) - Linux
Google Chrome is prone to multiple vulnerabilities.
FreeBSD : chromium -- multiple vulnerabilities (1110e286-dc08-11ea-beed-e09467587c17)
Chrome Releases reports: This release contains 15 security fixes, including: - 1107433 High CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2020-07-20 - 1104046 High CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang on 2020-07-10 - 11084...
PYSEC-2020-38
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database...
Information disclosure
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database...
UBUNTU-CVE-2020-17495
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database...
CVE-2020-17495
CVE-2020-17495 affects django-celery-results up to version 1.2.1: task results are stored in the database and may include the original task variables, which can contain sensitive cleartext data. The Red Hat entry reiterates that this data is stored unencrypted in the database, implying potential ...
CVE-2020-6543
Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Google Chrome Code Execution Vulnerability (CNVD-2020-49881)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Task Arrangement in versions prior to Google Chrome 84.0.4147.125. An attacker could exploit the vulnerability to execute arbitrary code or cause a denial of service...
A vulnerability in the Google Chrome browser's task scheduler allows a hacker to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability in Google Chrome’s task scheduler is a use of memory after it has been freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and even cause service failures through a specially crafted HTML page...
CVE-2020-4534
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute...
kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection.
A logic bug was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per...
Microsoft Edge (Chromium) < 81.0.416.68 Multiple Vulnerabilities
The version of Microsoft Edge Chromium installed on the remote Windows host is prior to 81.0.416.68. It is, therefore, affected by multiple vulnerabilities: - A use after free in storage in Microsoft Edge Chromium allowed a remote attacker who had compromised the renderer process to potentially...
Mail.ru: Unauthenticated Quartz Panel with Scheduling Tasks
Access to the task control panel on a staging testing host was not restricted, which allowed scheduled tasks to be stopped or started...
UBUNTU-CVE-2020-15852
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps ...
CVE-2020-15051
An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields...