Backports SLE

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-11	CVE-2020-6390	Out-of-bounds Write vulnerability in multiple products Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian suse opensuse redhat CWE-787	8.8
2020-02-11	CVE-2020-6385	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat CWE-754	8.8
2020-02-11	CVE-2020-6382	Type Confusion vulnerability in multiple products Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian suse opensuse redhat CWE-843	8.8
2020-02-11	CVE-2020-6381	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat CWE-190	8.8
2020-02-04	CVE-2020-8118	Server-Side Request Forgery (SSRF) vulnerability in multiple products An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. network low complexity nextcloud novell opensuse CWE-918	5.0
2020-02-04	CVE-2019-15623	Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. network low complexity nextcloud suse opensuse	5.3
2020-01-24	CVE-2019-3693	A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. local low complexity suse opensuse	7.8
2020-01-24	CVE-2019-3692	The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. local low complexity suse opensuse	7.8
2020-01-21	CVE-2020-7040	Link Following vulnerability in multiple products storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. network high complexity storebackup debian opensuse canonical CWE-59	8.1
2020-01-21	CVE-2019-18932	Link Following vulnerability in multiple products log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. local high complexity squid-analysis-report-generator-project opensuse CWE-59	7.0