Backports SLE

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-14	CVE-2020-15229	Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. network low complexity sylabs opensuse critical	9.3
2020-10-10	CVE-2020-26935	SQL Injection vulnerability in multiple products An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. network low complexity phpmyadmin opensuse fedoraproject debian CWE-89 critical	9.8
2020-10-10	CVE-2020-26934	Cross-site Scripting vulnerability in multiple products phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. network low complexity phpmyadmin opensuse fedoraproject debian CWE-79	6.1
2020-10-07	CVE-2020-26164	Resource Exhaustion vulnerability in multiple products In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. local low complexity kde opensuse CWE-400	5.5
2020-10-07	CVE-2020-11800	Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. network low complexity zabbix opensuse debian critical	9.8
2020-10-05	CVE-2020-8228	Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. network low complexity nextcloud opensuse CWE-307	5.3
2020-09-25	CVE-2019-11556	Cross-site Scripting vulnerability in multiple products Pagure before 5.6 allows XSS via the templates/blame.html blame view. network low complexity redhat opensuse CWE-79	6.1
2020-09-21	CVE-2020-6571	Improper Input Validation vulnerability in multiple products Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. network low complexity google opensuse fedoraproject debian CWE-20	4.3
2020-09-21	CVE-2020-6570	Information Exposure vulnerability in multiple products Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. network low complexity google opensuse fedoraproject debian CWE-200	4.3
2020-09-21	CVE-2020-6569	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-190	6.3