Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Backports_sle
(Opensuse)| Repositories |
• https://github.com/opencontainers/runc
• https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 326 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-10 | CVE-2020-6377 | Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap, Enterprise_linux_desktop, Enterprise_linux_workstation | 8.8 | ||
| 2020-01-16 | CVE-2020-7106 | Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | Cacti, Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Backports_sle, Leap, Package_hub | 6.1 | ||
| 2020-01-21 | CVE-2020-7040 | storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) | Ubuntu_linux, Debian_linux, Backports_sle, Leap, Storebackup | 8.1 | ||
| 2020-02-04 | CVE-2020-8118 | An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | Nextcloud_server, Suse_linux_enterprise_server, Backports_sle | 5.0 | ||
| 2020-02-11 | CVE-2020-6381 | Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Package_hub | 8.8 | ||
| 2020-02-11 | CVE-2020-6382 | Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Package_hub | 8.8 | ||
| 2020-02-11 | CVE-2020-6385 | Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Package_hub | 8.8 | ||
| 2020-02-11 | CVE-2020-6390 | Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Package_hub | 8.8 | ||
| 2020-02-11 | CVE-2020-6391 | Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Package_hub | 4.3 | ||
| 2020-02-11 | CVE-2020-6392 | Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | Debian_linux, Fedora, Chrome, Backports_sle, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Package_hub | 4.3 |