Backports Sle OpenSuse Backports Sle

Do you want an email whenever new security vulnerabilities are reported in OpenSuse Backports Sle?

By the Year

In 2022 there have been 0 vulnerabilities in OpenSuse Backports Sle . Backports Sle did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 155 7.24
2019 24 7.47
2018 0 0.00

It may take a day or so for new Backports Sle vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent OpenSuse Backports Sle Security Vulnerabilities

Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75

CVE-2020-6557 6.5 - Medium - November 03, 2020

Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Use after free in payments in Google Chrome prior to 86.0.4240.75

CVE-2020-15967 8.8 - High - November 03, 2020

Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in Blink in Google Chrome prior to 86.0.4240.75

CVE-2020-15968 8.8 - High - November 03, 2020

Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75

CVE-2020-15969 8.8 - High - November 03, 2020

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in NFC in Google Chrome prior to 86.0.4240.75

CVE-2020-15970 8.8 - High - November 03, 2020

Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in printing in Google Chrome prior to 86.0.4240.75

CVE-2020-15971 8.8 - High - November 03, 2020

Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in audio in Google Chrome prior to 86.0.4240.75

CVE-2020-15972 8.8 - High - November 03, 2020

Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75

CVE-2020-15973 6.5 - Medium - November 03, 2020

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.

Integer overflow in Blink in Google Chrome prior to 86.0.4240.75

CVE-2020-15974 8.8 - High - November 03, 2020

Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.

Integer Overflow or Wraparound

Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75

CVE-2020-15975 8.8 - High - November 03, 2020

Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Integer Overflow or Wraparound

Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75

CVE-2020-15976 8.8 - High - November 03, 2020

Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75

CVE-2020-15977 6.5 - Medium - November 03, 2020

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

Improper Input Validation

Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75

CVE-2020-15978 8.8 - High - November 03, 2020

Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

Improper Input Validation

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75

CVE-2020-15979 8.8 - High - November 03, 2020

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75

CVE-2020-15980 7.8 - High - November 03, 2020

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.

Out of bounds read in audio in Google Chrome prior to 86.0.4240.75

CVE-2020-15981 6.5 - Medium - November 03, 2020

Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Out-of-bounds Read

Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75

CVE-2020-15982 6.5 - Medium - November 03, 2020

Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75

CVE-2020-15983 7.8 - High - November 03, 2020

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.

Improper Input Validation

Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75

CVE-2020-15984 6.5 - Medium - November 03, 2020

Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75

CVE-2020-15985 6.5 - Medium - November 03, 2020

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.

Integer overflow in media in Google Chrome prior to 86.0.4240.75

CVE-2020-15986 6.5 - Medium - November 03, 2020

Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75

CVE-2020-15987 8.8 - High - November 03, 2020

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.

Dangling pointer

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75

CVE-2020-15988 6.3 - Medium - November 03, 2020

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.

Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75

CVE-2020-15989 5.5 - Medium - November 03, 2020

Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

Improper Initialization

Use after free in autofill in Google Chrome prior to 86.0.4240.75

CVE-2020-15990 8.8 - High - November 03, 2020

Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in password manager in Google Chrome prior to 86.0.4240.75

CVE-2020-15991 8.8 - High - November 03, 2020

Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75

CVE-2020-15992 8.8 - High - November 03, 2020

Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111

CVE-2020-15999 6.5 - Medium - November 03, 2020

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111

CVE-2020-16000 8.8 - High - November 03, 2020

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in media in Google Chrome prior to 86.0.4240.111

CVE-2020-16001 8.8 - High - November 03, 2020

Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in PDFium in Google Chrome prior to 86.0.4240.111

CVE-2020-16002 8.8 - High - November 03, 2020

Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Dangling pointer

Use after free in printing in Google Chrome prior to 86.0.4240.111

CVE-2020-16003 8.8 - High - November 03, 2020

Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in user interface in Google Chrome prior to 86.0.4240.183

CVE-2020-16004 8.8 - High - November 03, 2020

Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183

CVE-2020-16005 8.8 - High - November 03, 2020

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183

CVE-2020-16006 8.8 - High - November 03, 2020

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183

CVE-2020-16007 7.8 - High - November 03, 2020

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

Improper Input Validation

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183

CVE-2020-16008 8.8 - High - November 03, 2020

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.

Memory Corruption

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183

CVE-2020-16009 8.8 - High - November 03, 2020

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183

CVE-2020-16011 9.6 - Critical - November 03, 2020

Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Memory Corruption

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5

CVE-2020-25829 7.5 - High - October 16, 2020

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).

phpMyAdmin before 4.9.6 and 5.x before 5.0.3

CVE-2020-26934 6.1 - Medium - October 10, 2020

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

XSS

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3

CVE-2020-26935 9.8 - Critical - October 10, 2020

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.

SQL Injection

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets

CVE-2020-26164 5.5 - Medium - October 07, 2020

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.

Resource Exhaustion

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2

CVE-2020-11800 9.8 - Critical - October 07, 2020

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

A missing rate limit in the Preferred Providers app 1.7.0

CVE-2020-8228 5.3 - Medium - October 05, 2020

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.

Improper Restriction of Excessive Authentication Attempts

Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83

CVE-2020-6558 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Incorrect Permission Assignment for Critical Resource

Use after free in presentation API in Google Chrome prior to 85.0.4183.83

CVE-2020-6559 8.8 - High - September 21, 2020

Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83

CVE-2020-6560 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83

CVE-2020-6561 6.5 - Medium - September 21, 2020

Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83

CVE-2020-6562 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Incorrect Permission Assignment for Critical Resource

Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83

CVE-2020-6563 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83

CVE-2020-6564 6.5 - Medium - September 21, 2020

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.

Improper Preservation of Permissions

Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83

CVE-2020-6566 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83

CVE-2020-6567 6.5 - Medium - September 21, 2020

Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Improper Input Validation

Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83

CVE-2020-6568 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83

CVE-2020-6569 6.3 - Medium - September 21, 2020

Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Integer Overflow or Wraparound

Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83

CVE-2020-6570 4.3 - Medium - September 21, 2020

Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.

Information Disclosure

Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83

CVE-2020-6571 4.3 - Medium - September 21, 2020

Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Improper Input Validation

Use after free in video in Google Chrome on Android prior to 85.0.4183.102

CVE-2020-6573 9.6 - Critical - September 21, 2020

Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102

CVE-2020-6574 7.8 - High - September 21, 2020

Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.

Race in Mojo in Google Chrome prior to 85.0.4183.102

CVE-2020-6575 8.3 - High - September 21, 2020

Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Race Condition

Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102

CVE-2020-6576 8.8 - High - September 21, 2020

Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102

CVE-2020-15959 4.3 - Medium - September 21, 2020

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.

Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121

CVE-2020-15960 8.8 - High - September 21, 2020

Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Memory Corruption

Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121

CVE-2020-15961 9.6 - Critical - September 21, 2020

Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121

CVE-2020-15962 8.8 - High - September 21, 2020

Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121

CVE-2020-15963 9.6 - Critical - September 21, 2020

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Insufficient data validation in media in Google Chrome prior to 85.0.4183.121

CVE-2020-15964 8.8 - High - September 21, 2020

Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Type confusion in V8 in Google Chrome prior to 85.0.4183.121

CVE-2020-15965 8.8 - High - September 21, 2020

Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Object Type Confusion

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121

CVE-2020-15966 4.3 - Medium - September 21, 2020

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.

A flaw was found in librepo in versions before 1.12.1

CVE-2020-14352 8 - High - August 30, 2020

A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.

Directory traversal

Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89

CVE-2020-6510 7.8 - High - July 22, 2020

Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Information leak in content security policy in Google Chrome prior to 84.0.4147.89

CVE-2020-6511 6.5 - Medium - July 22, 2020

Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Information Disclosure

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89

CVE-2020-6512 8.8 - High - July 22, 2020

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89

CVE-2020-6513 8.8 - High - July 22, 2020

Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Memory Corruption

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89

CVE-2020-6514 6.5 - Medium - July 22, 2020

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

Use after free in tab strip in Google Chrome prior to 84.0.4147.89

CVE-2020-6515 8.8 - High - July 22, 2020

Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Policy bypass in CORS in Google Chrome prior to 84.0.4147.89

CVE-2020-6516 4.3 - Medium - July 22, 2020

Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89

CVE-2020-6517 8.8 - High - July 22, 2020

Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in developer tools in Google Chrome prior to 84.0.4147.89

CVE-2020-6518 8.8 - High - July 22, 2020

Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Policy bypass in CSP in Google Chrome prior to 84.0.4147.89

CVE-2020-6519 6.5 - Medium - July 22, 2020

Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89

CVE-2020-6520 8.8 - High - July 22, 2020

Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Classic Buffer Overflow

Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89

CVE-2020-6521 6.5 - Medium - July 22, 2020

Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Information Disclosure

Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89

CVE-2020-6522 9.6 - Critical - July 22, 2020

Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89

CVE-2020-6523 8.8 - High - July 22, 2020

Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89

CVE-2020-6524 8.8 - High - July 22, 2020

Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89

CVE-2020-6525 8.8 - High - July 22, 2020

Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89

CVE-2020-6526 6.5 - Medium - July 22, 2020

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89

CVE-2020-6527 4.3 - Medium - July 22, 2020

Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Incorrect Default Permissions

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89

CVE-2020-6528 4.3 - Medium - July 22, 2020

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

AuthZ

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89

CVE-2020-6529 4.3 - Medium - July 22, 2020

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.

Improper Input Validation

Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89

CVE-2020-6530 8.8 - High - July 22, 2020

Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Buffer Overflow

Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89

CVE-2020-6531 4.3 - Medium - July 22, 2020

Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Side Channel Attack

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89

CVE-2020-6533 8.8 - High - July 22, 2020

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89

CVE-2020-6534 8.8 - High - July 22, 2020

Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89

CVE-2020-6535 6.1 - Medium - July 22, 2020

Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.

Improper Input Validation

Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89

CVE-2020-6536 4.3 - Medium - July 22, 2020

Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.

An issue was discovered in LinuxTV xawtv before 3.107

CVE-2020-13696 4.4 - Medium - June 08, 2020

An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.

Incorrect Permission Assignment for Critical Resource

Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97

CVE-2020-6496 8.8 - High - June 03, 2020

Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue

CVE-2020-13379 8.2 - High - June 03, 2020

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.

XSPA

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for OpenSuse Leap or by OpenSuse? Click the Watch button to subscribe.

OpenSuse
Vendor

subscribe