OpenSuse Backports Sle
By the Year
In 2024 there have been 0 vulnerabilities in OpenSuse Backports Sle . Backports Sle did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 237 | 7.42 |
2019 | 85 | 7.27 |
2018 | 1 | 7.50 |
It may take a day or so for new Backports Sle vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent OpenSuse Backports Sle Security Vulnerabilities
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183
CVE-2020-16011
9.6 - Critical
- November 03, 2020
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Memory Corruption
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183
CVE-2020-16009
8.8 - High
- November 03, 2020
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183
CVE-2020-16008
8.8 - High
- November 03, 2020
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
Memory Corruption
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183
CVE-2020-16007
7.8 - High
- November 03, 2020
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
Improper Input Validation
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183
CVE-2020-16006
8.8 - High
- November 03, 2020
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183
CVE-2020-16005
8.8 - High
- November 03, 2020
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Use after free in user interface in Google Chrome prior to 86.0.4240.183
CVE-2020-16004
8.8 - High
- November 03, 2020
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in printing in Google Chrome prior to 86.0.4240.111
CVE-2020-16003
8.8 - High
- November 03, 2020
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in PDFium in Google Chrome prior to 86.0.4240.111
CVE-2020-16002
8.8 - High
- November 03, 2020
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Dangling pointer
Use after free in media in Google Chrome prior to 86.0.4240.111
CVE-2020-16001
8.8 - High
- November 03, 2020
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111
CVE-2020-16000
8.8 - High
- November 03, 2020
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111
CVE-2020-15999
6.5 - Medium
- November 03, 2020
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75
CVE-2020-15992
8.8 - High
- November 03, 2020
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
Use after free in password manager in Google Chrome prior to 86.0.4240.75
CVE-2020-15991
8.8 - High
- November 03, 2020
Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Use after free in autofill in Google Chrome prior to 86.0.4240.75
CVE-2020-15990
8.8 - High
- November 03, 2020
Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75
CVE-2020-15989
5.5 - Medium
- November 03, 2020
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Improper Initialization
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75
CVE-2020-15988
6.3 - Medium
- November 03, 2020
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75
CVE-2020-15987
8.8 - High
- November 03, 2020
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
Dangling pointer
Integer overflow in media in Google Chrome prior to 86.0.4240.75
CVE-2020-15986
6.5 - Medium
- November 03, 2020
Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75
CVE-2020-15985
6.5 - Medium
- November 03, 2020
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75
CVE-2020-15984
6.5 - Medium
- November 03, 2020
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75
CVE-2020-15983
7.8 - High
- November 03, 2020
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
Improper Input Validation
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75
CVE-2020-15982
6.5 - Medium
- November 03, 2020
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Out of bounds read in audio in Google Chrome prior to 86.0.4240.75
CVE-2020-15981
6.5 - Medium
- November 03, 2020
Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Out-of-bounds Read
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75
CVE-2020-15980
7.8 - High
- November 03, 2020
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75
CVE-2020-15979
8.8 - High
- November 03, 2020
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75
CVE-2020-15978
8.8 - High
- November 03, 2020
Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Improper Input Validation
Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75
CVE-2020-15977
6.5 - Medium
- November 03, 2020
Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
Improper Input Validation
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75
CVE-2020-15976
8.8 - High
- November 03, 2020
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75
CVE-2020-15975
8.8 - High
- November 03, 2020
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Integer Overflow or Wraparound
Integer overflow in Blink in Google Chrome prior to 86.0.4240.75
CVE-2020-15974
8.8 - High
- November 03, 2020
Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Integer Overflow or Wraparound
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75
CVE-2020-15973
6.5 - Medium
- November 03, 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.
Use after free in audio in Google Chrome prior to 86.0.4240.75
CVE-2020-15972
8.8 - High
- November 03, 2020
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Use after free in printing in Google Chrome prior to 86.0.4240.75
CVE-2020-15971
8.8 - High
- November 03, 2020
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Use after free in NFC in Google Chrome prior to 86.0.4240.75
CVE-2020-15970
8.8 - High
- November 03, 2020
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75
CVE-2020-15969
8.8 - High
- November 03, 2020
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in Blink in Google Chrome prior to 86.0.4240.75
CVE-2020-15968
8.8 - High
- November 03, 2020
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Use after free in payments in Google Chrome prior to 86.0.4240.75
CVE-2020-15967
8.8 - High
- November 03, 2020
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75
CVE-2020-6557
6.5 - Medium
- November 03, 2020
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5
CVE-2020-25829
7.5 - High
- October 16, 2020
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability
CVE-2020-15229
9.3 - Critical
- October 14, 2020
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise, so far bootstrap methods `library`, `shub` and `localimage` are triggering the squashfs extraction. This issue is addressed in Singularity 3.6.4. All users are advised to upgrade to 3.6.4 especially if they use Singularity mainly for building image as root user. There is no solid workaround except to temporary avoid to use unprivileged mode with single file images in favor of sandbox images instead. Regarding image build, temporary avoid to build from `library` and `shub` sources and as much as possible use `--fakeroot` or a VM for that.
Directory traversal
phpMyAdmin before 4.9.6 and 5.x before 5.0.3
CVE-2020-26934
6.1 - Medium
- October 10, 2020
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
XSS
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3
CVE-2020-26935
9.8 - Critical
- October 10, 2020
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
SQL Injection
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets
CVE-2020-26164
5.5 - Medium
- October 07, 2020
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
Resource Exhaustion
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2
CVE-2020-11800
9.8 - Critical
- October 07, 2020
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
A missing rate limit in the Preferred Providers app 1.7.0
CVE-2020-8228
5.3 - Medium
- October 05, 2020
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
Improper Restriction of Excessive Authentication Attempts
Pagure before 5.6 allows XSS
CVE-2019-11556
6.1 - Medium
- September 25, 2020
Pagure before 5.6 allows XSS via the templates/blame.html blame view.
XSS
Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83
CVE-2020-6571
4.3 - Medium
- September 21, 2020
Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Improper Input Validation
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121
CVE-2020-15966
4.3 - Medium
- September 21, 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
Type confusion in V8 in Google Chrome prior to 85.0.4183.121
CVE-2020-15965
8.8 - High
- September 21, 2020
Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Object Type Confusion
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121
CVE-2020-15964
8.8 - High
- September 21, 2020
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121
CVE-2020-15963
9.6 - Critical
- September 21, 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121
CVE-2020-15962
8.8 - High
- September 21, 2020
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121
CVE-2020-15961
9.6 - Critical
- September 21, 2020
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121
CVE-2020-15960
8.8 - High
- September 21, 2020
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Memory Corruption
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102
CVE-2020-15959
4.3 - Medium
- September 21, 2020
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102
CVE-2020-6576
8.8 - High
- September 21, 2020
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Race in Mojo in Google Chrome prior to 85.0.4183.102
CVE-2020-6575
8.3 - High
- September 21, 2020
Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Race Condition
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102
CVE-2020-6574
7.8 - High
- September 21, 2020
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.
Use after free in video in Google Chrome on Android prior to 85.0.4183.102
CVE-2020-6573
9.6 - Critical
- September 21, 2020
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Dangling pointer
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83
CVE-2020-6570
4.3 - Medium
- September 21, 2020
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.
Information Disclosure
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83
CVE-2020-6569
6.3 - Medium
- September 21, 2020
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Integer Overflow or Wraparound
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83
CVE-2020-6568
6.5 - Medium
- September 21, 2020
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83
CVE-2020-6567
6.5 - Medium
- September 21, 2020
Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Improper Input Validation
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83
CVE-2020-6566
6.5 - Medium
- September 21, 2020
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83
CVE-2020-6564
6.5 - Medium
- September 21, 2020
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.
Improper Preservation of Permissions
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83
CVE-2020-6563
6.5 - Medium
- September 21, 2020
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83
CVE-2020-6562
6.5 - Medium
- September 21, 2020
Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Incorrect Permission Assignment for Critical Resource
Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83
CVE-2020-6560
6.5 - Medium
- September 21, 2020
Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Use after free in presentation API in Google Chrome prior to 85.0.4183.83
CVE-2020-6559
8.8 - High
- September 21, 2020
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83
CVE-2020-6558
6.5 - Medium
- September 21, 2020
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
XSS
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83
CVE-2020-6565
6.5 - Medium
- September 21, 2020
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83
CVE-2020-6561
6.5 - Medium
- September 21, 2020
Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9
CVE-2020-25032
7.5 - High
- August 31, 2020
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
Directory traversal
A flaw was found in librepo in versions before 1.12.1
CVE-2020-14352
8 - High
- August 30, 2020
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.
Directory traversal
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG
CVE-2020-24972
8.8 - High
- August 29, 2020
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
Output Sanitization
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code
CVE-2020-24614
8.8 - High
- August 25, 2020
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
AuthZ
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0
CVE-2020-8233
8.8 - High
- August 17, 2020
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
Shell injection
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1
CVE-2020-8026
7.8 - High
- August 07, 2020
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.
Incorrect Default Permissions
scm/define-stencil-commands.scm in LilyPond through 2.20.0
CVE-2020-17353
9.8 - Critical
- August 05, 2020
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle
CVE-2020-16118
7.5 - High
- July 29, 2020
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
NULL Pointer Dereference
common/session.c in Claws Mail before 3.17.6 has a protocol violation
CVE-2020-15917
9.8 - Critical
- July 23, 2020
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
Use after free in developer tools in Google Chrome prior to 84.0.4147.89
CVE-2020-6518
8.8 - High
- July 22, 2020
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89
CVE-2020-6510
7.8 - High
- July 22, 2020
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Information leak in content security policy in Google Chrome prior to 84.0.4147.89
CVE-2020-6511
6.5 - Medium
- July 22, 2020
Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Information Disclosure
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89
CVE-2020-6512
8.8 - High
- July 22, 2020
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89
CVE-2020-6513
8.8 - High
- July 22, 2020
Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Memory Corruption
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89
CVE-2020-6514
6.5 - Medium
- July 22, 2020
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
Use after free in tab strip in Google Chrome prior to 84.0.4147.89
CVE-2020-6515
8.8 - High
- July 22, 2020
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89
CVE-2020-6516
4.3 - Medium
- July 22, 2020
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89
CVE-2020-6517
8.8 - High
- July 22, 2020
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89
CVE-2020-6519
6.5 - Medium
- July 22, 2020
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89
CVE-2020-6520
8.8 - High
- July 22, 2020
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Classic Buffer Overflow
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89
CVE-2020-6521
6.5 - Medium
- July 22, 2020
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Information Disclosure
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89
CVE-2020-6522
9.6 - Critical
- July 22, 2020
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89
CVE-2020-6523
8.8 - High
- July 22, 2020
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89
CVE-2020-6525
8.8 - High
- July 22, 2020
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89
CVE-2020-6530
8.8 - High
- July 22, 2020
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Buffer Overflow
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89
CVE-2020-6526
6.5 - Medium
- July 22, 2020
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89
CVE-2020-6524
8.8 - High
- July 22, 2020
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for OpenSuse Leap or by OpenSuse? Click the Watch button to subscribe.