Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-13 CVE-2020-6438 Information Exposure Through an Error Message vulnerability in multiple products
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
network
low complexity
google debian fedoraproject opensuse CWE-209
4.3
4.3
2020-04-13 CVE-2020-6437 Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.
network
low complexity
google debian fedoraproject opensuse
4.3
4.3
2020-04-13 CVE-2020-6435 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse
4.3
4.3
2020-04-13 CVE-2020-6433 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse
4.3
4.3
2020-04-13 CVE-2020-6432 Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse
4.3
4.3
2020-04-13 CVE-2020-6431 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse CWE-276
4.3
4.3
2020-04-02 CVE-2020-11494 Missing Initialization of Resource vulnerability in multiple products
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2.
local
low complexity
linux opensuse debian canonical CWE-909
4.4
4.4
2020-04-02 CVE-2020-1927 Open Redirect vulnerability in multiple products
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. 		6.1
6.1
2020-04-01 CVE-2020-1934 Use of Uninitialized Resource vulnerability in multiple products
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. 		5.3
5.3
2020-04-01 CVE-2020-7066 In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it.
network
low complexity
php tenable opensuse debian
4.3
4.3