Product:

Backports_sle

(Opensuse)
Date Id Summary Products Score Patch Annotated
2019-07-30 CVE-2019-5459 An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. Backports, Backports_sle, Leap, Vlc_media_player 7.1
2020-02-04 CVE-2019-15623 Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. Nextcloud_server, Backports_sle, Package_hub 5.3
2019-12-16 CVE-2019-16779 In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this. Debian_linux, Excon, Backports_sle, Leap 5.9
2020-06-03 CVE-2020-6496 Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Debian_linux, Chrome, Backports_sle, Leap 8.8
2020-02-28 CVE-2019-3698 UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1... Nagios, Backports_sle, Leap 7.0
2019-11-26 CVE-2019-14856 ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None Backports_sle, Leap, Ansible, Openstack 6.5
2020-11-03 CVE-2020-16007 Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. Debian_linux, Chrome, Backports_sle, Leap 7.8
2020-11-03 CVE-2020-16011 Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Debian_linux, Chrome, Backports_sle, Leap 9.6
2020-10-05 CVE-2020-8228 A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. Preferred_providers, Backports_sle, Leap 5.3
2019-12-27 CVE-2019-20015 An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec. Libredwg, Backports_sle, Leap N/A