OpenSuse Backports Sle

Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183

CVE-2020-16011 9.6 - Critical - November 03, 2020

Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Memory Corruption

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183

CVE-2020-16009 8.8 - High - November 03, 2020

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183

CVE-2020-16008 8.8 - High - November 03, 2020

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.

Memory Corruption

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183

CVE-2020-16007 7.8 - High - November 03, 2020

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

Improper Input Validation

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183

CVE-2020-16006 8.8 - High - November 03, 2020

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183

CVE-2020-16005 8.8 - High - November 03, 2020

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in user interface in Google Chrome prior to 86.0.4240.183

CVE-2020-16004 8.8 - High - November 03, 2020

Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in printing in Google Chrome prior to 86.0.4240.111

CVE-2020-16003 8.8 - High - November 03, 2020

Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in PDFium in Google Chrome prior to 86.0.4240.111

CVE-2020-16002 8.8 - High - November 03, 2020

Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Dangling pointer

Use after free in media in Google Chrome prior to 86.0.4240.111

CVE-2020-16001 8.8 - High - November 03, 2020

Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111

CVE-2020-16000 8.8 - High - November 03, 2020

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111

CVE-2020-15999 6.5 - Medium - November 03, 2020

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75

CVE-2020-15992 8.8 - High - November 03, 2020

Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

Use after free in password manager in Google Chrome prior to 86.0.4240.75

CVE-2020-15991 8.8 - High - November 03, 2020

Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in autofill in Google Chrome prior to 86.0.4240.75

CVE-2020-15990 8.8 - High - November 03, 2020

Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75

CVE-2020-15989 5.5 - Medium - November 03, 2020

Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

Improper Initialization

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75

CVE-2020-15988 6.3 - Medium - November 03, 2020

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75

CVE-2020-15987 8.8 - High - November 03, 2020

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.

Dangling pointer

Integer overflow in media in Google Chrome prior to 86.0.4240.75

CVE-2020-15986 6.5 - Medium - November 03, 2020

Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75

CVE-2020-15985 6.5 - Medium - November 03, 2020

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.

Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75

CVE-2020-15984 6.5 - Medium - November 03, 2020

Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75

CVE-2020-15983 7.8 - High - November 03, 2020

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.

Improper Input Validation

Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75

CVE-2020-15982 6.5 - Medium - November 03, 2020

Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Out of bounds read in audio in Google Chrome prior to 86.0.4240.75

CVE-2020-15981 6.5 - Medium - November 03, 2020

Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Out-of-bounds Read

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75

CVE-2020-15980 7.8 - High - November 03, 2020

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75

CVE-2020-15979 8.8 - High - November 03, 2020

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75

CVE-2020-15978 8.8 - High - November 03, 2020

Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

Improper Input Validation

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75

CVE-2020-15977 6.5 - Medium - November 03, 2020

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

Improper Input Validation

Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75

CVE-2020-15976 8.8 - High - November 03, 2020

Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75

CVE-2020-15975 8.8 - High - November 03, 2020

Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Integer Overflow or Wraparound

Integer overflow in Blink in Google Chrome prior to 86.0.4240.75

CVE-2020-15974 8.8 - High - November 03, 2020

Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.

Integer Overflow or Wraparound

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75

CVE-2020-15973 6.5 - Medium - November 03, 2020

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.

Use after free in audio in Google Chrome prior to 86.0.4240.75

CVE-2020-15972 8.8 - High - November 03, 2020

Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in printing in Google Chrome prior to 86.0.4240.75

CVE-2020-15971 8.8 - High - November 03, 2020

Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in NFC in Google Chrome prior to 86.0.4240.75

CVE-2020-15970 8.8 - High - November 03, 2020

Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75

CVE-2020-15969 8.8 - High - November 03, 2020

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Blink in Google Chrome prior to 86.0.4240.75

CVE-2020-15968 8.8 - High - November 03, 2020

Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in payments in Google Chrome prior to 86.0.4240.75

CVE-2020-15967 8.8 - High - November 03, 2020

Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75

CVE-2020-6557 6.5 - Medium - November 03, 2020

Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5

CVE-2020-25829 7.5 - High - October 16, 2020

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).

Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability

CVE-2020-15229 9.3 - Critical - October 14, 2020

Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise, so far bootstrap methods `library`, `shub` and `localimage` are triggering the squashfs extraction. This issue is addressed in Singularity 3.6.4. All users are advised to upgrade to 3.6.4 especially if they use Singularity mainly for building image as root user. There is no solid workaround except to temporary avoid to use unprivileged mode with single file images in favor of sandbox images instead. Regarding image build, temporary avoid to build from `library` and `shub` sources and as much as possible use `--fakeroot` or a VM for that.

Directory traversal

phpMyAdmin before 4.9.6 and 5.x before 5.0.3

CVE-2020-26934 6.1 - Medium - October 10, 2020

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

XSS

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3

CVE-2020-26935 9.8 - Critical - October 10, 2020

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.

SQL Injection

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets

CVE-2020-26164 5.5 - Medium - October 07, 2020

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.

Resource Exhaustion

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2

CVE-2020-11800 9.8 - Critical - October 07, 2020

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

A missing rate limit in the Preferred Providers app 1.7.0

CVE-2020-8228 5.3 - Medium - October 05, 2020

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.

Improper Restriction of Excessive Authentication Attempts

Pagure before 5.6 allows XSS

CVE-2019-11556 6.1 - Medium - September 25, 2020

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

XSS

Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83

CVE-2020-6571 4.3 - Medium - September 21, 2020

Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Improper Input Validation

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121

CVE-2020-15966 4.3 - Medium - September 21, 2020

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.

Type confusion in V8 in Google Chrome prior to 85.0.4183.121

CVE-2020-15965 8.8 - High - September 21, 2020

Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Object Type Confusion

Insufficient data validation in media in Google Chrome prior to 85.0.4183.121

CVE-2020-15964 8.8 - High - September 21, 2020

Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121

CVE-2020-15963 9.6 - Critical - September 21, 2020

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121

CVE-2020-15962 8.8 - High - September 21, 2020

Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121

CVE-2020-15961 9.6 - Critical - September 21, 2020

Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121

CVE-2020-15960 8.8 - High - September 21, 2020

Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Memory Corruption

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102

CVE-2020-15959 4.3 - Medium - September 21, 2020

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.

Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102

CVE-2020-6576 8.8 - High - September 21, 2020

Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Race in Mojo in Google Chrome prior to 85.0.4183.102

CVE-2020-6575 8.3 - High - September 21, 2020

Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Race Condition

Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102

CVE-2020-6574 7.8 - High - September 21, 2020

Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.

Use after free in video in Google Chrome on Android prior to 85.0.4183.102

CVE-2020-6573 9.6 - Critical - September 21, 2020

Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83

CVE-2020-6570 4.3 - Medium - September 21, 2020

Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.

Information Disclosure

Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83

CVE-2020-6569 6.3 - Medium - September 21, 2020

Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Integer Overflow or Wraparound

Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83

CVE-2020-6568 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83

CVE-2020-6567 6.5 - Medium - September 21, 2020

Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Improper Input Validation

Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83

CVE-2020-6566 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83

CVE-2020-6564 6.5 - Medium - September 21, 2020

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.

Improper Preservation of Permissions

Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83

CVE-2020-6563 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83

CVE-2020-6562 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Incorrect Permission Assignment for Critical Resource

Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83

CVE-2020-6560 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Use after free in presentation API in Google Chrome prior to 85.0.4183.83

CVE-2020-6559 8.8 - High - September 21, 2020

Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83

CVE-2020-6558 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

XSS

Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83

CVE-2020-6565 6.5 - Medium - September 21, 2020

Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83

CVE-2020-6561 6.5 - Medium - September 21, 2020

Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9

CVE-2020-25032 7.5 - High - August 31, 2020

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

Directory traversal

A flaw was found in librepo in versions before 1.12.1

CVE-2020-14352 8 - High - August 30, 2020

A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.

Directory traversal

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG

CVE-2020-24972 8.8 - High - August 29, 2020

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.

Output Sanitization

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code

CVE-2020-24614 8.8 - High - August 25, 2020

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.

AuthZ

A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0

CVE-2020-8233 8.8 - High - August 17, 2020

A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

Shell injection

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1

CVE-2020-8026 7.8 - High - August 07, 2020

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.

Incorrect Default Permissions

scm/define-stencil-commands.scm in LilyPond through 2.20.0

CVE-2020-17353 9.8 - Critical - August 05, 2020

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.

In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle

CVE-2020-16118 7.5 - High - July 29, 2020

In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.

NULL Pointer Dereference

common/session.c in Claws Mail before 3.17.6 has a protocol violation

CVE-2020-15917 9.8 - Critical - July 23, 2020

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.

Use after free in developer tools in Google Chrome prior to 84.0.4147.89

CVE-2020-6518 8.8 - High - July 22, 2020

Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89

CVE-2020-6510 7.8 - High - July 22, 2020

Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Information leak in content security policy in Google Chrome prior to 84.0.4147.89

CVE-2020-6511 6.5 - Medium - July 22, 2020

Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Information Disclosure

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89

CVE-2020-6512 8.8 - High - July 22, 2020

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89

CVE-2020-6513 8.8 - High - July 22, 2020

Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Memory Corruption

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89

CVE-2020-6514 6.5 - Medium - July 22, 2020

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

Use after free in tab strip in Google Chrome prior to 84.0.4147.89

CVE-2020-6515 8.8 - High - July 22, 2020

Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Policy bypass in CORS in Google Chrome prior to 84.0.4147.89

CVE-2020-6516 4.3 - Medium - July 22, 2020

Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89

CVE-2020-6517 8.8 - High - July 22, 2020

Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Policy bypass in CSP in Google Chrome prior to 84.0.4147.89

CVE-2020-6519 6.5 - Medium - July 22, 2020

Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89

CVE-2020-6520 8.8 - High - July 22, 2020

Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Classic Buffer Overflow

Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89

CVE-2020-6521 6.5 - Medium - July 22, 2020

Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Information Disclosure

Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89

CVE-2020-6522 9.6 - Critical - July 22, 2020

Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89

CVE-2020-6523 8.8 - High - July 22, 2020

Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89

CVE-2020-6525 8.8 - High - July 22, 2020

Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89

CVE-2020-6530 8.8 - High - July 22, 2020

Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Buffer Overflow

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89

CVE-2020-6526 6.5 - Medium - July 22, 2020

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89

CVE-2020-6524 8.8 - High - July 22, 2020

Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption