Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-21 | CVE-2020-6478 | Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | 6.5 |
2020-05-21 | CVE-2020-6476 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 6.5 |
2020-05-21 | CVE-2020-6475 | Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | 6.5 |
2020-05-21 | CVE-2020-6473 | Information Exposure Through Discrepancy vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2020-05-21 | CVE-2020-6472 | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension. | 6.5 |
2020-05-21 | CVE-2020-6470 | Cross-site Scripting vulnerability in multiple products Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents. | 6.1 |
2020-05-21 | CVE-2020-6464 | Type Confusion vulnerability in multiple products Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.8 |
2020-05-21 | CVE-2020-6460 | Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. | 6.5 |
2020-05-21 | CVE-2020-6459 | Use After Free vulnerability in multiple products Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.8 |
2020-05-20 | CVE-2020-11078 | CRLF Injection vulnerability in multiple products In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. | 6.8 |