Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-16011 |
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Published: November 02, 2020; 10:15:15 PM -0500 |
V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2020-16009 |
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: November 02, 2020; 10:15:15 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-16008 |
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. Published: November 02, 2020; 10:15:15 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-16007 |
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. Published: November 02, 2020; 10:15:15 PM -0500 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2020-16006 |
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: November 02, 2020; 10:15:15 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-16005 |
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: November 02, 2020; 10:15:15 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-16004 |
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: November 02, 2020; 10:15:15 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-25829 |
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). Published: October 16, 2020; 2:15:12 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-26935 |
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. Published: October 10, 2020; 3:15:12 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2020-26934 |
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. Published: October 10, 2020; 3:15:12 PM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-26164 |
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. Published: October 07, 2020; 3:15:12 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2020-11800 |
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. Published: October 07, 2020; 12:15:15 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2020-8228 |
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. Published: October 05, 2020; 10:15:13 AM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-11556 |
Pagure before 5.6 allows XSS via the templates/blame.html blame view. Published: September 25, 2020; 2:15:13 AM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-6576 |
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: September 21, 2020; 4:15:15 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-6575 |
Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Published: September 21, 2020; 4:15:15 PM -0400 |
V3.1: 8.3 HIGH V2.0: 5.1 MEDIUM |
CVE-2020-6574 |
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. Published: September 21, 2020; 4:15:15 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2020-6573 |
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Published: September 21, 2020; 4:15:15 PM -0400 |
V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2020-6571 |
Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Published: September 21, 2020; 4:15:15 PM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-6570 |
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. Published: September 21, 2020; 4:15:15 PM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |