Opensuse

Backports Sle

326 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2020-15962

Exploit
  • EPSS 3.37%
  • Published 21.09.2020 20:15:12
  • Last modified 21.11.2024 05:06:33

Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

9.6

CVE-2020-15963

Exploit
  • EPSS 1.51%
  • Published 21.09.2020 20:15:12
  • Last modified 21.11.2024 05:06:33

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

8.8

CVE-2020-15964

Exploit
  • EPSS 2.69%
  • Published 21.09.2020 20:15:12
  • Last modified 21.11.2024 05:06:33

Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7.5

CVE-2020-25032

  • EPSS 1.25%
  • Published 31.08.2020 04:15:12
  • Last modified 21.11.2024 05:16:42

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

8.5

CVE-2020-14352

  • EPSS 4.04%
  • Published 30.08.2020 15:15:12
  • Last modified 21.11.2024 05:03:04

A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the...

8.8

CVE-2020-24972

Exploit
  • EPSS 20.71%
  • Published 29.08.2020 21:15:11
  • Last modified 21.11.2024 05:16:15

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line opti...

8.8

CVE-2020-24614

  • EPSS 6.4%
  • Published 25.08.2020 14:15:16
  • Last modified 21.11.2024 05:15:09

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.

9

CVE-2020-8233

  • EPSS 14.29%
  • Published 17.08.2020 16:15:13
  • Last modified 21.11.2024 05:38:33

A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

7.8

CVE-2020-8026

  • EPSS 0.05%
  • Published 07.08.2020 10:15:11
  • Last modified 21.11.2024 05:38:14

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUS...

9.8

CVE-2020-17353

  • EPSS 1.26%
  • Published 05.08.2020 14:15:12
  • Last modified 21.11.2024 05:07:56

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.