High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-13	CVE-2020-6439	Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. network low complexity google debian fedoraproject opensuse CWE-276	8.8
2020-04-13	CVE-2020-6436	Use After Free vulnerability in multiple products Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian opensuse CWE-416	8.8
2020-04-13	CVE-2020-6434	Use After Free vulnerability in multiple products Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian opensuse CWE-416	8.8
2020-04-13	CVE-2020-6430	Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian opensuse CWE-843	8.8
2020-04-13	CVE-2020-6423	Use After Free vulnerability in multiple products Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject opensuse debian CWE-416	8.8
2020-04-10	CVE-2020-11647	Uncontrolled Recursion vulnerability in multiple products In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. network low complexity wireshark debian opensuse CWE-674	7.5
2020-04-08	CVE-2020-11653	Reachable Assertion vulnerability in multiple products An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. network low complexity varnish-cache varnish-software opensuse debian CWE-617	7.5
2020-04-07	CVE-2020-11620	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). network high complexity fasterxml debian netapp oracle CWE-502	8.1
2020-04-07	CVE-2020-11619	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). network high complexity fasterxml debian netapp oracle CWE-502	8.1
2020-04-07	CVE-2020-11612	Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. network low complexity netty debian fedoraproject netapp oracle CWE-770	7.5