Vulnerabilities > Opensuse > Backports SLE > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-03 | CVE-2020-15981 | Out-of-bounds Read vulnerability in multiple products Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2020-11-03 | CVE-2020-15977 | Improper Input Validation vulnerability in multiple products Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. | 6.5 |
| 2020-11-03 | CVE-2020-15973 | Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. | 6.5 |
| 2020-10-16 | CVE-2020-25829 | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. | 5.0 |
| 2020-10-10 | CVE-2020-26934 | Cross-site Scripting vulnerability in multiple products phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. | 6.1 |
| 2020-10-07 | CVE-2020-26164 | Resource Exhaustion vulnerability in multiple products In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. | 5.5 |
| 2020-10-05 | CVE-2020-8228 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. | 5.0 |
| 2020-09-25 | CVE-2019-11556 | Cross-site Scripting vulnerability in multiple products Pagure before 5.6 allows XSS via the templates/blame.html blame view. | 6.1 |
| 2020-09-21 | CVE-2020-6571 | Improper Input Validation vulnerability in multiple products Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 4.3 |
| 2020-09-21 | CVE-2020-6570 | Information Exposure vulnerability in multiple products Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. | 4.3 |