Vulnerabilities > Opensuse > Backports SLE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-04 | CVE-2020-12625 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.4.4. | 6.1 |
| 2020-04-30 | CVE-2020-12050 | Race Condition vulnerability in multiple products SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library. | 7.0 |
| 2020-04-24 | CVE-2020-12137 | Cross-site Scripting vulnerability in multiple products GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. | 6.1 |
| 2020-04-22 | CVE-2020-12066 | Improper Input Validation vulnerability in multiple products CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. | 7.5 |
| 2020-04-13 | CVE-2020-6454 | Use After Free vulnerability in multiple products Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | 8.8 |
| 2020-04-13 | CVE-2020-6451 | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2020-04-13 | CVE-2020-6450 | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2020-04-13 | CVE-2020-6448 | Use After Free vulnerability in multiple products Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2020-04-13 | CVE-2020-6447 | Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2020-04-13 | CVE-2020-6444 | Use of Uninitialized Resource vulnerability in multiple products Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.3 |