Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-10 | CVE-2019-13745 | Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2019-12-10 | CVE-2019-13744 | Information Exposure vulnerability in multiple products Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2019-12-10 | CVE-2019-13743 | Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page. | 6.5 |
| 2019-12-10 | CVE-2019-13742 | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 6.5 |
| 2019-12-10 | CVE-2019-13740 | Origin Validation Error vulnerability in multiple products Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
| 2019-12-10 | CVE-2019-13739 | Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 6.5 |
| 2019-12-10 | CVE-2019-13738 | Improper Privilege Management vulnerability in multiple products Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 6.5 |
| 2019-12-10 | CVE-2019-13737 | Information Exposure vulnerability in multiple products Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2019-12-10 | CVE-2016-1000108 | Open Redirect vulnerability in multiple products yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 5.8 |
| 2019-12-10 | CVE-2013-4184 | Link Following vulnerability in multiple products Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks | 5.5 |