Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-13 | CVE-2020-6431 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. | 4.3 |
| 2020-04-13 | CVE-2020-6430 | Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2020-04-13 | CVE-2020-6423 | Use After Free vulnerability in multiple products Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2020-04-12 | CVE-2020-11724 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in OpenResty before 1.15.8.4. | 5.0 |
| 2020-04-10 | CVE-2020-11647 | Uncontrolled Recursion vulnerability in multiple products In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. | 7.5 |
| 2020-04-09 | CVE-2020-11655 | Improper Initialization vulnerability in multiple products SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | 5.0 |
| 2020-04-08 | CVE-2020-11653 | Reachable Assertion vulnerability in multiple products An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. | 7.5 |
| 2020-04-07 | CVE-2020-11620 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). | 8.1 |
| 2020-04-07 | CVE-2020-11619 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). | 8.1 |
| 2020-04-07 | CVE-2020-11612 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. | 7.5 |