Vulnerabilities > Opensuse > Backports SLE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-21 | CVE-2020-15961 | Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 9.6 |
| 2020-09-21 | CVE-2020-15960 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 8.8 |
| 2020-09-21 | CVE-2020-15959 | Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering. | 4.3 |
| 2020-08-31 | CVE-2020-25032 | Path Traversal vulnerability in multiple products An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. | 7.5 |
| 2020-08-30 | CVE-2020-14352 | Path Traversal vulnerability in multiple products A flaw was found in librepo in versions before 1.12.1. | 8.0 |
| 2020-08-29 | CVE-2020-24972 | Improper Encoding or Escaping of Output vulnerability in multiple products The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. | 8.8 |
| 2020-08-25 | CVE-2020-24614 | Missing Authorization vulnerability in multiple products Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. | 8.8 |
| 2020-08-17 | CVE-2020-8233 | OS Command Injection vulnerability in multiple products A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. | 8.8 |
| 2020-08-07 | CVE-2020-8026 | Unspecified vulnerability in Opensuse Backports Sle, Leap and Tumbleweed A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. | 7.8 |
| 2020-08-05 | CVE-2020-17353 | scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. | 9.8 |