Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-13 CVE-2020-6437 Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.
network
low complexity
google debian fedoraproject opensuse
4.3
4.3
2020-04-13 CVE-2020-6435 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse
4.3
4.3
2020-04-13 CVE-2020-6433 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse
4.3
4.3
2020-04-13 CVE-2020-6432 Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse
4.3
4.3
2020-04-13 CVE-2020-6431 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse CWE-276
4.3
4.3
2020-04-12 CVE-2020-11724 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in OpenResty before 1.15.8.4.
network
low complexity
openresty debian CWE-444
5.0
5.0
2020-04-09 CVE-2020-11655 Improper Initialization vulnerability in multiple products
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. 		5.0
5.0
2020-04-02 CVE-2020-1927 Open Redirect vulnerability in multiple products
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. 		6.1
6.1
2020-04-01 CVE-2020-1934 Use of Uninitialized Resource vulnerability in multiple products
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. 		5.3
5.3
2020-04-01 CVE-2020-7066 In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. 4.3
4.3