CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1801 CVE-2020-16103 704 Exec Code 2020-12-14 2020-12-16
6.5
None Remote Low ??? Partial Partial Partial
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions.
1802 CVE-2020-16102 287 2020-12-14 2020-12-16
6.4
None Remote Low Not required None Partial Partial
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions.
1803 CVE-2020-16045 416 2021-01-14 2021-01-19
6.8
None Remote Medium Not required Partial Partial Partial
Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1804 CVE-2020-16044 416 2021-02-09 2021-02-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
1805 CVE-2020-16043 Bypass 2021-01-08 2021-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic.
1806 CVE-2020-16035 Bypass 2021-01-08 2021-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in cros-disks in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file.
1807 CVE-2020-16029 862 Bypass 2021-01-08 2021-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in PDFium in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file.
1808 CVE-2020-16028 787 Overflow 2021-01-08 2021-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1809 CVE-2020-16026 416 2021-01-08 2021-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1810 CVE-2020-16025 787 Overflow 2021-01-08 2021-02-25
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1811 CVE-2020-16024 787 Overflow 2021-01-08 2021-02-25
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1812 CVE-2020-16023 416 2021-01-08 2021-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1813 CVE-2020-16022 862 Bypass 2021-01-08 2021-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in networking in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially bypass firewall controls via a crafted HTML page.
1814 CVE-2020-16020 Bypass 2021-01-08 2021-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in cryptohome in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass discretionary access control via a malicious file.
1815 CVE-2020-16019 Bypass 2021-01-08 2021-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file.
1816 CVE-2020-16018 416 2021-01-08 2021-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1817 CVE-2020-16017 416 2021-01-08 2021-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1818 CVE-2020-16016 2021-01-08 2021-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1819 CVE-2020-16015 787 2021-01-08 2021-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1820 CVE-2020-16014 2021-01-08 2021-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1821 CVE-2020-16013 787 2021-01-08 2021-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1822 CVE-2020-16011 787 Overflow 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1823 CVE-2020-16010 787 Overflow 2020-11-03 2020-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1824 CVE-2020-16009 787 2020-11-03 2021-01-07
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1825 CVE-2020-16008 787 Overflow 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
1826 CVE-2020-16006 787 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1827 CVE-2020-16005 787 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1828 CVE-2020-16004 416 2020-11-03 2021-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1829 CVE-2020-16003 416 2020-11-03 2021-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1830 CVE-2020-16002 416 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
1831 CVE-2020-16001 416 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1832 CVE-2020-16000 787 2020-11-03 2021-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1833 CVE-2020-15998 416 2020-11-03 2020-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1834 CVE-2020-15997 416 2020-11-03 2020-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1835 CVE-2020-15996 416 2020-11-03 2020-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1836 CVE-2020-15995 787 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1837 CVE-2020-15994 416 2020-11-03 2020-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1838 CVE-2020-15993 416 2020-11-03 2020-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1839 CVE-2020-15992 Bypass 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
1840 CVE-2020-15991 416 2020-11-03 2021-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1841 CVE-2020-15990 416 2020-11-03 2021-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1842 CVE-2020-15988 Exec Code 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
1843 CVE-2020-15987 416 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
1844 CVE-2020-15979 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1845 CVE-2020-15978 20 Bypass 2020-11-03 2021-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
1846 CVE-2020-15976 416 2020-11-03 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1847 CVE-2020-15975 190 Overflow 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1848 CVE-2020-15974 190 Overflow Bypass 2020-11-03 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
1849 CVE-2020-15972 416 2020-11-03 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1850 CVE-2020-15971 416 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.