Backports SLE

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-10	CVE-2019-13745	Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google debian suse opensuse fedoraproject redhat	6.5
2019-12-10	CVE-2019-13734	Out-of-bounds Write vulnerability in multiple products Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject redhat canonical suse opensuse debian oracle CWE-787	8.8
2019-12-03	CVE-2019-5164	Missing Authentication for Critical Function vulnerability in multiple products An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. local low complexity shadowsocks opensuse CWE-306	7.8
2019-11-26	CVE-2019-14856	Improper Authentication vulnerability in multiple products ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None network low complexity redhat opensuse CWE-287	6.5
2019-11-25	CVE-2019-13719	Insecure Storage of Sensitive Information vulnerability in multiple products Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. network low complexity google opensuse CWE-922	4.3
2019-11-25	CVE-2019-13718	Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. network low complexity google opensuse	4.3
2019-11-25	CVE-2019-13717	Insecure Storage of Sensitive Information vulnerability in multiple products Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. network low complexity google opensuse CWE-922	4.3
2019-11-25	CVE-2019-13716	Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. network low complexity google opensuse CWE-863	4.3
2019-11-25	CVE-2019-13715	Authentication Bypass by Spoofing vulnerability in multiple products Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. network low complexity google opensuse CWE-290	4.3
2019-11-25	CVE-2019-13714	Code Injection vulnerability in multiple products Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL. network low complexity google opensuse CWE-94	6.1