Backports

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-19	CVE-2021-45082	Command Injection vulnerability in multiple products An issue was discovered in Cobbler before 3.3.1. local low complexity cobbler-project suse opensuse fedoraproject CWE-77	7.8
2022-01-06	CVE-2021-46141	Use After Free vulnerability in multiple products An issue was discovered in uriparser before 0.9.6. local low complexity uriparser-project fedoraproject debian opensuse CWE-416	5.5
2022-01-06	CVE-2021-46142	Use After Free vulnerability in multiple products An issue was discovered in uriparser before 0.9.6. local low complexity uriparser-project fedoraproject debian opensuse CWE-416	5.5
2020-07-17	CVE-2020-15803	Cross-site Scripting vulnerability in multiple products Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. network low complexity zabbix fedoraproject debian opensuse CWE-79	6.1
2020-06-22	CVE-2020-14983	Classic Buffer Overflow vulnerability in multiple products The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. network low complexity chocolate-doom opensuse CWE-120 critical	9.8
2020-06-03	CVE-2020-6495	Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. network low complexity google debian opensuse CWE-276	6.5
2020-06-03	CVE-2020-6493	Use After Free vulnerability in multiple products Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. network low complexity google debian opensuse CWE-416 critical	9.6
2020-04-13	CVE-2020-6456	Incorrect Default Permissions vulnerability in multiple products Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents. network low complexity google debian fedoraproject opensuse CWE-276	6.5
2020-04-13	CVE-2020-6455	Out-of-bounds Read vulnerability in multiple products Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject opensuse CWE-125	8.8
2020-04-13	CVE-2020-6452	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject opensuse CWE-787	8.8