Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-11	CVE-2020-6396	Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat	4.3
2020-02-11	CVE-2020-6394	Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat	5.4
2020-02-11	CVE-2020-6393	Missing Authorization vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat CWE-862	6.5
2020-02-11	CVE-2020-6392	Cross-site Scripting vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. network low complexity google opensuse fedoraproject debian suse redhat CWE-79	4.3
2020-02-11	CVE-2020-6391	Cross-site Scripting vulnerability in multiple products Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat CWE-79	4.3
2020-01-15	CVE-2020-2601	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). network high complexity oracle debian canonical opensuse netapp redhat	6.8
2020-01-15	CVE-2020-2593	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). network high complexity oracle redhat debian canonical opensuse mcafee netapp	4.8
2020-01-14	CVE-2015-3147	Link Following vulnerability in Redhat products daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. network low complexity redhat CWE-59	6.5
2020-01-08	CVE-2019-17022	Cross-site Scripting vulnerability in multiple products When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. network low complexity mozilla canonical debian redhat CWE-79	6.1
2020-01-08	CVE-2019-17016	Cross-site Scripting vulnerability in multiple products When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. network low complexity mozilla debian canonical redhat CWE-79	6.1