Vulnerabilities > Opensuse > Backports SLE > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-10-14 CVE-2020-15229 Path Traversal vulnerability in multiple products
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability.
network
low complexity
sylabs opensuse CWE-22
critical
 9.3
9.3
2020-10-10 CVE-2020-26935 SQL Injection vulnerability in multiple products
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3.
network
low complexity
phpmyadmin opensuse fedoraproject debian CWE-89
critical
 9.8
9.8
2020-09-21 CVE-2020-15961 Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian
critical
 9.6
9.6
2020-09-21 CVE-2020-15963 Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian
critical
 9.6
9.6
2020-09-21 CVE-2020-6573 Use After Free vulnerability in multiple products
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6
2020-08-17 CVE-2020-8233 OS Command Injection vulnerability in multiple products
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
network
low complexity
ui opensuse CWE-78
critical
 9.0
9.0
2020-08-05 CVE-2020-17353 scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
network
low complexity
lilypond fedoraproject debian opensuse
critical
 9.8
9.8
2020-07-23 CVE-2020-15917 common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
network
low complexity
claws-mail fedoraproject opensuse
critical
 9.8
9.8
2020-07-22 CVE-2020-6522 Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject
critical
 9.6
9.6
2020-05-21 CVE-2020-6465 Use After Free vulnerability in multiple products
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6