Opensuse

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-6520 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Jul 22, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6519 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Jul 22, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6518 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Jul 22, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6517 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Jul 22, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6516 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Jul 22, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6515 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Jul 22, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6514 6Apple CanonicalDebian+3 more 11Backports Sle ChromeDebian Linux+8 more Nov 21, 2024 Jul 22, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
CVE-2020-6513 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Jul 22, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2020-6512 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Jul 22, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6511 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Jul 22, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6510 4Debian FedoraprojectGoogle+1 more 5Backports Sle ChromeDebian Linux+2 more Nov 21, 2024 Jul 22, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-0305 2Google Opensuse 2Android Leap Nov 21, 2024 Jul 17, 2020 N/A· v4 6.4 MEDIUM· v3 4.4 MEDIUM· v2 In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploita...Show more In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744Show less
CVE-2020-15586 5Cloudfoundry DebianFedoraproject+2 more 6Cf Deployment Debian LinuxFedora+3 more Nov 21, 2024 Jul 17, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
CVE-2020-14039 2Golang Opensuse 2Go Leap Nov 21, 2024 Jul 17, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certi...Show more In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.Show less
CVE-2020-15803 4Debian FedoraprojectOpensuse+1 more 5Backports Debian LinuxFedora+2 more Nov 21, 2024 Jul 17, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
CVE-2020-15780 3Canonical LinuxOpensuse 3Leap Linux KernelUbuntu Linux Nov 21, 2024 Jul 15, 2020 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CI...Show more An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.Show less
CVE-2019-20908 3Canonical LinuxOpensuse 3Leap Linux KernelUbuntu Linux Nov 21, 2024 Jul 15, 2020 N/A· v4 6.7 MEDIUM· v3 6.9 MEDIUM· v2 An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictio...Show more An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.Show less
CVE-2020-14715 2Opensuse Oracle 2Leap Vm Virtualbox Nov 21, 2024 Jul 15, 2020 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerabilit...Show more Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2020-14714 2Opensuse Oracle 2Leap Vm Virtualbox Nov 21, 2024 Jul 15, 2020 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerabilit...Show more Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2020-14713 2Opensuse Oracle 2Leap Vm Virtualbox Nov 21, 2024 Jul 15, 2020 N/A· v4 7.5 HIGH· v3 4.4 MEDIUM· v2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerabil...Show more Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).Show less

Previous 1...141516...164 Next