Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-6561 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Sep 21, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6560 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Sep 21, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6559 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6558 3Debian GoogleOpensuse 4Backports Sle ChromeDebian Linux+1 more Nov 21, 2024 Sep 21, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6556 4Debian FedoraprojectGoogle+1 more 4Chrome Debian LinuxFedora+1 more Nov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15966 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Sep 21, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Ch...Show more Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.Show less
CVE-2020-15965 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2020-15964 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15963 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Sep 21, 2020 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome...Show more Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.Show less
CVE-2020-15962 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2020-15961 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Sep 21, 2020 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome...Show more Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.Show less
CVE-2020-15960 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Sep 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2020-15959 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Sep 21, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via socia...Show more Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.Show less
CVE-2020-8252 3Fedoraproject NodejsOpensuse 3Fedora LeapNode.js Nov 21, 2024 Sep 18, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
CVE-2020-8201 3Fedoraproject NodejsOpensuse 3Fedora LeapNode.js Nov 21, 2024 Sep 18, 2020 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perf...Show more Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.Show less
CVE-2020-0432 2Google Opensuse 2Android Leap Nov 21, 2024 Sep 17, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...Show more In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807Show less
CVE-2020-0431 2Google Opensuse 2Android Leap Nov 21, 2024 Sep 17, 2020 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...Show more In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459Show less
CVE-2020-0427 4Debian GoogleOpensuse+1 more 4Android Debian LinuxLeap+1 more Nov 21, 2024 Sep 17, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed...Show more In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171Show less
CVE-2019-20919 5Canonical DebianFedoraproject+2 more 5Dbi Debian LinuxFedora+2 more Nov 21, 2024 Sep 17, 2020 N/A· v4 4.7 MEDIUM· v3 1.9 LOW· v2 An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer der...Show more An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.Show less
CVE-2020-25040 2Opensuse Sylabs 2Leap Singularity Nov 21, 2024 Sep 16, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.

Previous 1...91011...164 Next