Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Backports_sle
(Opensuse)Repositories |
• https://github.com/opencontainers/runc
• https://github.com/lighttpd/lighttpd1.4 |
#Vulnerabilities | 326 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-07-23 | CVE-2020-15917 | common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. | Claws\-Mail, Fedora, Backports_sle, Leap | 9.8 | ||
2020-08-05 | CVE-2020-17353 | scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. | Debian_linux, Fedora, Lilypond, Backports_sle, Leap | 9.8 | ||
2020-08-25 | CVE-2020-24614 | Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. | Fedora, Fossil, Backports_sle, Leap | 8.8 | ||
2020-08-29 | CVE-2020-24972 | The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL. | Fedora, Kleopatra, Backports_sle, Leap | 8.8 | ||
2020-08-30 | CVE-2020-14352 | A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted... | Fedora, Backports_sle, Leap, Librepo | 8.0 | ||
2020-09-21 | CVE-2020-15959 | Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 4.3 | ||
2020-09-21 | CVE-2020-15960 | Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 | ||
2020-09-21 | CVE-2020-15961 | Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 9.6 | ||
2020-09-21 | CVE-2020-15962 | Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 | ||
2020-09-21 | CVE-2020-15963 | Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 9.6 |