Backports SLE

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-13	CVE-2020-6438	Information Exposure Through an Error Message vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. network low complexity google debian fedoraproject opensuse CWE-209	4.3
2020-04-13	CVE-2020-6436	Use After Free vulnerability in multiple products Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian opensuse CWE-416	8.8
2020-04-13	CVE-2020-6434	Use After Free vulnerability in multiple products Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian opensuse CWE-416	8.8
2020-04-13	CVE-2020-6430	Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian opensuse CWE-843	8.8
2020-04-13	CVE-2020-6423	Use After Free vulnerability in multiple products Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject opensuse debian CWE-416	8.8
2020-04-08	CVE-2020-11653	Reachable Assertion vulnerability in multiple products An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. network low complexity varnish-cache varnish-software opensuse debian CWE-617	7.5
2020-04-08	CVE-2019-20637	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. network low complexity varnish-cache varnish-software opensuse CWE-212	7.5
2020-03-31	CVE-2019-14905	Exposure of Resource to Wrong Sphere vulnerability in multiple products A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. local low complexity redhat fedoraproject opensuse CWE-668	5.6
2020-03-27	CVE-2020-6095	NULL Pointer Dereference vulnerability in multiple products An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. network low complexity gstreamer-project opensuse CWE-476	7.5
2020-03-27	CVE-2020-1772	It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. network low complexity otrs opensuse debian	7.5