Backports

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-13	CVE-2020-6432	Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. network low complexity google debian fedoraproject opensuse	4.3
2020-04-13	CVE-2020-6431	Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. network low complexity google debian fedoraproject opensuse CWE-276	4.3
2020-03-24	CVE-2020-10938	Integer Overflow or Wraparound vulnerability in multiple products GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. network low complexity graphicsmagick debian opensuse CWE-190	7.5
2020-03-23	CVE-2020-6425	Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. network low complexity google debian fedoraproject opensuse CWE-20	5.4
2020-03-23	CVE-2020-10592	Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. network low complexity torproject opensuse	7.8
2020-02-13	CVE-2020-0561	Improper Initialization vulnerability in multiple products Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. local low complexity intel opensuse CWE-665	4.6
2020-02-04	CVE-2019-15624	Improper Input Validation vulnerability in multiple products Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. network low complexity nextcloud opensuse suse CWE-20	4.0
2020-02-04	CVE-2019-15613	Insufficient Verification of Data Authenticity vulnerability in multiple products A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. network low complexity nextcloud opensuse CWE-345	8.0
2020-01-23	CVE-2019-18899	Improper Privilege Management vulnerability in multiple products The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. local low complexity apt-cacher-ng-project opensuse CWE-269	5.5
2020-01-21	CVE-2020-5202	apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. local low complexity apt-cacher-ng-project debian opensuse	2.1