Backports Sle OpenSuse Backports Sle

stack.watch can email you when security vulnerabilities are reported in OpenSuse Backports Sle. You can add multiple products that you use with Backports Sle to create your own personal software stack watcher.

By the Year

In 2021 there have been 0 vulnerabilities in OpenSuse Backports Sle . Last year Backports Sle had 72 security vulnerabilities published. Right now, Backports Sle is on track to have less security vulnerabilities in 2021 than it did last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 72 7.31
2019 9 7.89
2018 0 0.00

It may take a day or so for new Backports Sle vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest OpenSuse Backports Sle Security Vulnerabilities

Use after free in PDFium in Google Chrome prior to 86.0.4240.111

CVE-2020-16002 8.8 - High - November 03, 2020

Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

CVE-2020-16002 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183

CVE-2020-16006 8.8 - High - November 03, 2020

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-16006 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183

CVE-2020-16005 8.8 - High - November 03, 2020

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-16005 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

Use after free in user interface in Google Chrome prior to 86.0.4240.183

CVE-2020-16004 8.8 - High - November 03, 2020

Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-16004 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183

CVE-2020-16007 7.8 - High - November 03, 2020

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

CVE-2020-16007 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183

CVE-2020-16008 8.8 - High - November 03, 2020

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.

CVE-2020-16008 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183

CVE-2020-16009 8.8 - High - November 03, 2020

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-16009 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

Use after free in payments in Google Chrome prior to 86.0.4240.75

CVE-2020-15967 8.8 - High - November 03, 2020

Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2020-15967 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

Use after free in Blink in Google Chrome prior to 86.0.4240.75

CVE-2020-15968 8.8 - High - November 03, 2020

Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-15968 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

Use after free in printing in Google Chrome prior to 86.0.4240.75

CVE-2020-15971 8.8 - High - November 03, 2020

Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2020-15971 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

Use after free in audio in Google Chrome prior to 86.0.4240.75

CVE-2020-15972 8.8 - High - November 03, 2020

Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-15972 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75

CVE-2020-15973 6.5 - Medium - November 03, 2020

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.

CVE-2020-15973 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75

CVE-2020-15980 7.8 - High - November 03, 2020

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.

CVE-2020-15980 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75

CVE-2020-15969 8.8 - High - November 03, 2020

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-15969 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75

CVE-2020-15987 8.8 - High - November 03, 2020

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.

CVE-2020-15987 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75

CVE-2020-15989 5.5 - Medium - November 03, 2020

Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

CVE-2020-15989 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Improper Initialization

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5

CVE-2020-25829 7.5 - High - October 16, 2020

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).

CVE-2020-25829 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3

CVE-2020-26935 9.8 - Critical - October 10, 2020

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.

CVE-2020-26935 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

phpMyAdmin before 4.9.6 and 5.x before 5.0.3

CVE-2020-26934 6.1 - Medium - October 10, 2020

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

CVE-2020-26934 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets

CVE-2020-26164 5.5 - Medium - October 07, 2020

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.

CVE-2020-26164 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Uncontrolled Resource Consumption ('Resource Exhaustion')

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2

CVE-2020-11800 9.8 - Critical - October 07, 2020

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

CVE-2020-11800 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

A missing rate limit in the Preferred Providers app 1.7.0

CVE-2020-8228 5.3 - Medium - October 05, 2020

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.

CVE-2020-8228 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

Improper Restriction of Excessive Authentication Attempts

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83

CVE-2020-6564 6.5 - Medium - September 21, 2020

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.

CVE-2020-6564 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Improper Preservation of Permissions

Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102

CVE-2020-6576 8.8 - High - September 21, 2020

Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-6576 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

Race in Mojo in Google Chrome prior to 85.0.4183.102

CVE-2020-6575 8.3 - High - September 21, 2020

Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2020-6575 can be explotited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Race Condition

Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102

CVE-2020-6574 7.8 - High - September 21, 2020

Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.

CVE-2020-6574 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102

CVE-2020-15959 4.3 - Medium - September 21, 2020

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.

CVE-2020-15959 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83

CVE-2020-6569 6.3 - Medium - September 21, 2020

Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-6569 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Integer Overflow or Wraparound

Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83

CVE-2020-6568 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVE-2020-6568 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83

CVE-2020-6558 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVE-2020-6558 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Incorrect Permission Assignment for Critical Resource

Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83

CVE-2020-6567 6.5 - Medium - September 21, 2020

Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVE-2020-6567 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Improper Input Validation

Use after free in presentation API in Google Chrome prior to 85.0.4183.83

CVE-2020-6559 8.8 - High - September 21, 2020

Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-6559 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83

CVE-2020-6560 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2020-6560 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83

CVE-2020-6561 6.5 - Medium - September 21, 2020

Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2020-6561 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83

CVE-2020-6563 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

CVE-2020-6563 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83

CVE-2020-6566 6.5 - Medium - September 21, 2020

Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2020-6566 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

A flaw was found in librepo in versions before 1.12.1

CVE-2020-14352 8 - High - August 30, 2020

A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.

CVE-2020-14352 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Directory traversal

Information leak in content security policy in Google Chrome prior to 84.0.4147.89

CVE-2020-6511 6.5 - Medium - July 22, 2020

Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2020-6511 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89

CVE-2020-6534 8.8 - High - July 22, 2020

Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-6534 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89

CVE-2020-6512 8.8 - High - July 22, 2020

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-6512 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Object Type Confusion

Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89

CVE-2020-6530 8.8 - High - July 22, 2020

Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

CVE-2020-6530 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89

CVE-2020-6533 8.8 - High - July 22, 2020

Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-6533 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Object Type Confusion

Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89

CVE-2020-6535 6.1 - Medium - July 22, 2020

Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.

CVE-2020-6535 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

An issue was discovered in LinuxTV xawtv before 3.107

CVE-2020-13696 4.4 - Medium - June 08, 2020

An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.

CVE-2020-13696 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Incorrect Permission Assignment for Critical Resource

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents

CVE-2020-12050 7 - High - April 30, 2020

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.

CVE-2020-12050 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.0 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Race Condition

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML

CVE-2020-11022 6.1 - Medium - April 29, 2020

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2020-11022 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5

CVE-2020-12066 7.5 - High - April 22, 2020

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.

CVE-2020-12066 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Uncontrolled Resource Consumption ('Resource Exhaustion')

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later

CVE-2020-7042 5.3 - Medium - February 27, 2020

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).

CVE-2020-7042 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Improper Certificate Validation

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2

CVE-2020-7043 9.1 - Critical - February 27, 2020

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.

CVE-2020-7043 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Improper Certificate Validation

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later

CVE-2020-7041 5.3 - Medium - February 27, 2020

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.

CVE-2020-7041 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Improper Certificate Validation

Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87

CVE-2020-6399 6.5 - Medium - February 11, 2020

Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2020-6399 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Improper Input Validation

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87

CVE-2020-6400 6.5 - Medium - February 11, 2020

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2020-6400 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87

CVE-2020-6401 6.5 - Medium - February 11, 2020

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2020-6401 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Improper Input Validation

Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87

CVE-2020-6402 8.8 - High - February 11, 2020

Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

CVE-2020-6402 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87

CVE-2020-6403 4.3 - Medium - February 11, 2020

Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2020-6403 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Improper Input Validation

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87

CVE-2020-6404 7.8 - High - February 11, 2020

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-6404 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87

CVE-2020-6408 5.5 - Medium - February 11, 2020

Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.

CVE-2020-6408 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87

CVE-2020-6412 5.4 - Medium - February 11, 2020

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2020-6412 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87

CVE-2020-6413 8.8 - High - February 11, 2020

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page.

CVE-2020-6413 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87

CVE-2020-6414 8.8 - High - February 11, 2020

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVE-2020-6414 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87

CVE-2020-6398 8.8 - High - February 11, 2020

Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

CVE-2020-6398 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

1187

Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87

CVE-2020-6397 6.5 - Medium - February 11, 2020

Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.

CVE-2020-6397 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Improper Input Validation

Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87

CVE-2020-6396 4.3 - Medium - February 11, 2020

Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2020-6396 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Improper Input Validation

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87

CVE-2020-6394 5.4 - Medium - February 11, 2020

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.

CVE-2020-6394 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87

CVE-2020-6393 6.5 - Medium - February 11, 2020

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2020-6393 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Improper Input Validation

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87

CVE-2020-6392 4.3 - Medium - February 11, 2020

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

CVE-2020-6392 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Improper Input Validation

Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87

CVE-2020-6391 4.3 - Medium - February 11, 2020

Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.

CVE-2020-6391 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Improper Input Validation

Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87

CVE-2020-6385 8.8 - High - February 11, 2020

Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.

CVE-2020-6385 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87

CVE-2020-6381 8.8 - High - February 11, 2020

Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-6381 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Integer Overflow or Wraparound

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks

CVE-2020-7040 8.1 - High - January 21, 2020

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)

CVE-2020-7040 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

insecure temporary file

Use after free in media picker in Google Chrome prior to 79.0.3945.88

CVE-2019-13767 8.8 - High - January 10, 2020

Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-13767 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

Use after free in audio in Google Chrome prior to 79.0.3945.117

CVE-2020-6377 8.8 - High - January 10, 2020

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-6377 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

An issue was discovered in GNU LibreDWG 0.92

CVE-2019-20010 8.8 - High - December 27, 2019

An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.

CVE-2019-20010 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Dangling pointer

An issue was discovered in GNU LibreDWG 0.92

CVE-2019-20011 8.8 - High - December 27, 2019

An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.

CVE-2019-20011 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Read

An issue was discovered in GNU LibreDWG before 0.93

CVE-2019-20014 8.8 - High - December 27, 2019

An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.

CVE-2019-20014 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Double-free

An issue was discovered in GNU LibreDWG before 0.93

CVE-2019-20009 6.5 - Medium - December 27, 2019

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.

CVE-2019-20009 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Allocation of Resources Without Limits or Throttling

An issue was discovered in GNU LibreDWG 0.92

CVE-2019-20012 6.5 - Medium - December 27, 2019

An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.

CVE-2019-20012 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Allocation of Resources Without Limits or Throttling

An issue was discovered in GNU LibreDWG before 0.93

CVE-2019-20013 6.5 - Medium - December 27, 2019

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.

CVE-2019-20013 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Allocation of Resources Without Limits or Throttling

An issue was discovered in GNU LibreDWG 0.92

CVE-2019-20015 6.5 - Medium - December 27, 2019

An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.

CVE-2019-20015 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Allocation of Resources Without Limits or Throttling

An issue was discovered in phpMyAdmin before 4.9.2

CVE-2019-18622 9.8 - Critical - November 22, 2019

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

CVE-2019-18622 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4

CVE-2019-5060 8.8 - High - July 31, 2019

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

CVE-2019-5060 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write