Vulnerabilities > Opensuse > Backports SLE > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-21 | CVE-2020-6463 | Use After Free vulnerability in multiple products Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-05-19 | CVE-2020-10995 | Resource Exhaustion vulnerability in multiple products PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. | 7.5 |
2020-05-19 | CVE-2020-12244 | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. | 7.5 |
2020-05-06 | CVE-2020-12672 | Out-of-bounds Write vulnerability in multiple products GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. | 7.5 |
2020-05-04 | CVE-2020-12641 | OS Command Injection vulnerability in multiple products rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. | 7.5 |
2020-05-04 | CVE-2020-12640 | Path Traversal vulnerability in multiple products Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | 7.5 |
2020-04-30 | CVE-2020-12050 | Race Condition vulnerability in multiple products SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library. | 7.0 |
2020-04-22 | CVE-2020-12066 | Improper Input Validation vulnerability in multiple products CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. | 7.5 |
2020-04-13 | CVE-2020-6454 | Use After Free vulnerability in multiple products Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | 8.8 |
2020-04-13 | CVE-2020-6451 | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |