Vulnerabilities > Opensuse > Backports SLE > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-03 | CVE-2020-15973 | Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. | 6.5 |
| 2020-10-10 | CVE-2020-26934 | Cross-site Scripting vulnerability in multiple products phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. | 6.1 |
| 2020-10-07 | CVE-2020-26164 | Resource Exhaustion vulnerability in multiple products In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. | 5.5 |
| 2020-10-05 | CVE-2020-8228 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. | 5.3 |
| 2020-09-25 | CVE-2019-11556 | Cross-site Scripting vulnerability in multiple products Pagure before 5.6 allows XSS via the templates/blame.html blame view. | 6.1 |
| 2020-09-21 | CVE-2020-6571 | Improper Input Validation vulnerability in multiple products Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 4.3 |
| 2020-09-21 | CVE-2020-6570 | Information Exposure vulnerability in multiple products Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. | 4.3 |
| 2020-09-21 | CVE-2020-6569 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 6.3 |
| 2020-09-21 | CVE-2020-6568 | Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 6.5 |
| 2020-09-21 | CVE-2020-6567 | Improper Input Validation vulnerability in multiple products Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 6.5 |