Professional OVAL Repository
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:126820
Version
3
Class
patch
ALTXid
316802
Language
English
Severity
High
Title
RHSA-2020:0514 -- chromium-browser security update
Description
This update upgrades Chromium to version 80.0.3987.87.
Family
unix
Platform
Red Hat Enterprise Linux 6
Product
chromium-browser
Reference
VENDOR: RHSA-2020:0514
Id:
RHSA-2020:0514
Reference:
https://access.redhat.com/errata/RHSA-2020:0514
CVE: CVE-2019-18197
Id:
CVE-2019-18197
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197
Comment:
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
CVSSv2 Score:
5.1
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285 (MISC)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746 (MISC)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768 (MISC)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914 (MISC)
USN-4164-1 (UBUNTU)
[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update (MLIST)
https://security.netapp.com/advisory/ntap-20191031-0004/ (CONFIRM)
[oss-security] 20191117 Nokogiri security update v1.10.5 (MLIST)
openSUSE-SU-2020:0189 (SUSE)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
N/A (N/A)
https://security.netapp.com/advisory/ntap-20200416-0004/ (CONFIRM)
openSUSE-SU-2020:0731 (SUSE)
CVE: CVE-2019-19880
Id:
CVE-2019-19880
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880
Comment:
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54 (MISC)
https://security.netapp.com/advisory/ntap-20200114-0001/ (CONFIRM)
openSUSE-SU-2020:0189 (SUSE)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
USN-4298-1 (UBUNTU)
N/A (N/A)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (CONFIRM)
CVE: CVE-2019-19923
Id:
CVE-2019-19923
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923
Comment:
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35 (MISC)
https://security.netapp.com/advisory/ntap-20200114-0003/ (CONFIRM)
openSUSE-SU-2020:0189 (SUSE)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
USN-4298-1 (UBUNTU)
N/A (N/A)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (CONFIRM)
CVE: CVE-2019-19925
Id:
CVE-2019-19925
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925
Comment:
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
434 (Unrestricted Upload of File with Dangerous Type)
References:
https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618 (MISC)
https://security.netapp.com/advisory/ntap-20200114-0003/ (CONFIRM)
openSUSE-SU-2020:0189 (SUSE)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
USN-4298-1 (UBUNTU)
N/A (N/A)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (CONFIRM)
CVE: CVE-2019-19926
Id:
CVE-2019-19926
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926
Comment:
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089 (MISC)
https://security.netapp.com/advisory/ntap-20200114-0003/ (CONFIRM)
openSUSE-SU-2020:0189 (SUSE)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
USN-4298-1 (UBUNTU)
N/A (N/A)
USN-4298-2 (UBUNTU)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (CONFIRM)
CVE: CVE-2020-6381
Id:
CVE-2020-6381
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381
Comment:
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://crbug.com/1034394 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6382
Id:
CVE-2020-6382
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382
Comment:
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1031909 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6385
Id:
CVE-2020-6385
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6385
Comment:
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
754 (Improper Check for Unusual or Exceptional Conditions)
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1035399 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6387
Id:
CVE-2020-6387
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6387
Comment:
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/1042535 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6388
Id:
CVE-2020-6388
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6388
Comment:
Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
https://crbug.com/1042879 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
http://packetstormsecurity.com/files/157376/Chrome-AudioArray-Allocate-Data-Race-Out-Of-Bounds-Access.html (MISC)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6389
Id:
CVE-2020-6389
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6389
Comment:
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/1042933 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6390
Id:
CVE-2020-6390
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6390
Comment:
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1045874 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
http://packetstormsecurity.com/files/157419/Chrome-ReadableStream-Close-Out-Of-Bounds-Access.html (MISC)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6391
Id:
CVE-2020-6391
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6391
Comment:
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1017871 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6392
Id:
CVE-2020-6392
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6392
Comment:
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
https://crbug.com/1030411 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6393
Id:
CVE-2020-6393
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6393
Comment:
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
862 (Missing Authorization)
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1035058 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6394
Id:
CVE-2020-6394
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6394
Comment:
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3 Score:
5.4
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
References:
https://crbug.com/1014371 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6395
Id:
CVE-2020-6395
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395
Comment:
Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://crbug.com/1022855 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6396
Id:
CVE-2020-6396
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6396
Comment:
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://crbug.com/1035271 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6397
Id:
CVE-2020-6397
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6397
Comment:
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1027408 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6398
Id:
CVE-2020-6398
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6398
Comment:
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
908 ()
References:
https://crbug.com/1032090 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6399
Id:
CVE-2020-6399
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6399
Comment:
Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
20 (Improper Input Validation)
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1039869 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6400
Id:
CVE-2020-6400
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6400
Comment:
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
203 (Information Exposure Through Discrepancy)
References:
https://crbug.com/1038036 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6401
Id:
CVE-2020-6401
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6401
Comment:
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE:
20 (Improper Input Validation)
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1017707 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6402
Id:
CVE-2020-6402
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6402
Comment:
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
20 (Improper Input Validation)
References:
https://crbug.com/1029375 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6403
Id:
CVE-2020-6403
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6403
Comment: Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1006012 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6404
Id:
CVE-2020-6404
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6404
Comment: Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1024256 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6405
Id:
CVE-2020-6405
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6405
Comment: Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1042145 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6406
Id:
CVE-2020-6406
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6406
Comment: Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1042254 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6408
Id:
CVE-2020-6408
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6408
Comment: Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1026546 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6409
Id:
CVE-2020-6409
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6409
Comment: Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1037889 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6410
Id:
CVE-2020-6410
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6410
Comment: Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/881675 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6411
Id:
CVE-2020-6411
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6411
Comment: Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3 Score:
5.4
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE:
20 (Improper Input Validation)
References:
https://crbug.com/929711 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6412
Id:
CVE-2020-6412
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6412
Comment: Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSSv3 Score:
5.4
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE:
20 (Improper Input Validation)
References:
https://crbug.com/968505 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6413
Id:
CVE-2020-6413
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6413
Comment: Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
https://crbug.com/1005713 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6414
Id:
CVE-2020-6414
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6414
Comment: Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
https://crbug.com/1021855 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6415
Id:
CVE-2020-6415
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415
Comment: Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/1029576 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6416
Id:
CVE-2020-6416
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6416
Comment: Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
20 (Improper Input Validation)
References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
https://crbug.com/1031895 (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
DSA-4638 (DEBIAN)
GLSA-202003-08 (GENTOO)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
CVE: CVE-2020-6417
Id:
CVE-2020-6417
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6417
Comment: Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
https://crbug.com/1033824 (MISC)
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html (MISC)
openSUSE-SU-2020:0210 (SUSE)
RHSA-2020:0514 (REDHAT)
openSUSE-SU-2020:0233 (SUSE)
FEDORA-2020-f6271d7afa ()
FEDORA-2020-39e0b8bd14 ()
ovaldb@altx-soft.com