Vulnerabilities > Opensuse > Leap > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-10-14 CVE-2020-15229 Path Traversal vulnerability in multiple products
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability.
network
low complexity
sylabs opensuse CWE-22
critical
9.3
2020-10-10 CVE-2020-26935 SQL Injection vulnerability in multiple products
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3.
network
low complexity
phpmyadmin opensuse fedoraproject debian CWE-89
critical
9.8
2020-09-30 CVE-2020-26154 Classic Buffer Overflow vulnerability in multiple products
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
network
low complexity
libproxy-project fedoraproject debian opensuse CWE-120
critical
9.8
2020-09-21 CVE-2020-15961 Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian
critical
9.6
2020-09-21 CVE-2020-15963 Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian
critical
9.6
2020-09-21 CVE-2020-6573 Use After Free vulnerability in multiple products
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
9.6
2020-08-17 CVE-2020-8233 OS Command Injection vulnerability in multiple products
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
network
low complexity
ui opensuse CWE-78
critical
9.0
2020-08-11 CVE-2020-17368 OS Command Injection vulnerability in multiple products
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
network
low complexity
firejail-project debian fedoraproject opensuse CWE-78
critical
9.8
2020-08-10 CVE-2020-15659 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0.
network
mozilla opensuse canonical CWE-787
critical
9.3
2020-08-07 CVE-2020-11984 Classic Buffer Overflow vulnerability in multiple products
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
network
low complexity
apache netapp canonical debian fedoraproject opensuse oracle CWE-120
critical
9.8