Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-6472 |
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension. Published: May 21, 2020; 12:15:12 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-6471 |
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Published: May 21, 2020; 12:15:12 AM -0400 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2020-6470 |
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents. Published: May 21, 2020; 12:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-6469 |
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Published: May 21, 2020; 12:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2020-6468 |
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: May 21, 2020; 12:15:11 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-6467 |
Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: May 21, 2020; 12:15:11 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-6466 |
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Published: May 21, 2020; 12:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2020-6465 |
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Published: May 21, 2020; 12:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2020-6464 |
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: May 21, 2020; 12:15:11 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-6463 |
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: May 21, 2020; 12:15:11 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-6462 |
Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Published: May 21, 2020; 12:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2020-6461 |
Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Published: May 21, 2020; 12:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2020-6460 |
Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. Published: May 21, 2020; 12:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-6459 |
Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: May 21, 2020; 12:15:10 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-6458 |
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Published: May 21, 2020; 12:15:10 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-6457 |
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Published: May 21, 2020; 12:15:10 AM -0400 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2020-13252 |
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page. Published: May 21, 2020; 12:15:10 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2020-12647 |
Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability. Published: May 20, 2020; 11:15:12 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 7.2 HIGH |
CVE-2020-5365 |
Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable. Published: May 20, 2020; 5:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-5364 |
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. Published: May 20, 2020; 5:15:09 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |