CVE-2020-7046
- EPSS 51.26%
- Veröffentlicht 12.02.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:36:33
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.
CVE-2020-7957
- EPSS 1.88%
- Veröffentlicht 12.02.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:38:05
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read a...
CVE-2020-6415
- EPSS 1.99%
- Veröffentlicht 11.02.2020 15:15:14
- Zuletzt bearbeitet 21.11.2024 05:35:41
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6416
- EPSS 1.99%
- Veröffentlicht 11.02.2020 15:15:14
- Zuletzt bearbeitet 21.11.2024 05:35:41
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6396
- EPSS 1.74%
- Veröffentlicht 11.02.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:35:38
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2020-6397
- EPSS 1.92%
- Veröffentlicht 11.02.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:35:38
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2020-6398
- EPSS 1.79%
- Veröffentlicht 11.02.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:35:38
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2020-6400
- EPSS 2%
- Veröffentlicht 11.02.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:35:39
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6402
- EPSS 2.66%
- Veröffentlicht 11.02.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:35:39
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
CVE-2020-6403
- EPSS 1.61%
- Veröffentlicht 11.02.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:35:39
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.