Backports SLE

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-12	CVE-2020-14004	Link Following vulnerability in multiple products An issue was discovered in Icinga2 before v2.12.0-rc1. local low complexity icinga opensuse CWE-59	7.8
2020-06-08	CVE-2020-13696	Incorrect Authorization vulnerability in multiple products An issue was discovered in LinuxTV xawtv before 3.107. local low complexity linuxtv debian opensuse fedoraproject canonical CWE-863	4.4
2020-06-03	CVE-2020-6496	Use After Free vulnerability in multiple products Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. network low complexity google debian opensuse CWE-416	8.8
2020-06-03	CVE-2020-6494	Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network low complexity google debian opensuse	6.5
2020-06-03	CVE-2020-13379	Server-Side Request Forgery (SSRF) vulnerability in multiple products The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. network low complexity grafana fedoraproject netapp opensuse CWE-918	8.2
2020-05-26	CVE-2020-13614	Improper Certificate Validation vulnerability in multiple products An issue was discovered in ssl.c in Axel before 2.17.8. network high complexity axel-project fedoraproject opensuse CWE-295	5.9
2020-05-21	CVE-2020-6491	Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. network low complexity google debian opensuse fedoraproject	6.5
2020-05-21	CVE-2020-6490	Exposure of Resource to Wrong Sphere vulnerability in multiple products Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-668	4.3
2020-05-21	CVE-2020-6489	Information Exposure vulnerability in multiple products Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-200	4.3
2020-05-21	CVE-2020-6488	Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-276	4.3