Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-11	CVE-2020-6408	Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat	6.5
2020-02-11	CVE-2020-6403	Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat	4.3
2020-02-11	CVE-2020-6400	Information Exposure Through Discrepancy vulnerability in multiple products Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat CWE-203	6.5
2020-02-11	CVE-2020-6397	Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat	6.5
2020-02-11	CVE-2020-6396	Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat	4.3
2020-02-11	CVE-2020-6394	Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat	5.4
2020-02-11	CVE-2020-6393	Missing Authorization vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat CWE-862	6.5
2020-02-11	CVE-2020-6392	Cross-site Scripting vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. network low complexity google opensuse fedoraproject debian suse redhat CWE-79	4.3
2020-02-11	CVE-2020-6391	Cross-site Scripting vulnerability in multiple products Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat CWE-79	4.3
2020-02-10	CVE-2020-7060	Out-of-bounds Read vulnerability in multiple products When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. network low complexity php tenable oracle opensuse debian CWE-125	6.4