Vulnerabilities > Opensuse > Leap > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-09-21 CVE-2020-15961 Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian
critical
 9.6
9.6
2020-09-21 CVE-2020-15963 Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google opensuse fedoraproject debian
critical
 9.6
9.6
2020-09-21 CVE-2020-6573 Use After Free vulnerability in multiple products
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6
2020-08-11 CVE-2020-17368 OS Command Injection vulnerability in multiple products
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
network
low complexity
firejail-project debian fedoraproject opensuse CWE-78
critical
 9.8
9.8
2020-08-07 CVE-2020-11984 Classic Buffer Overflow vulnerability in multiple products
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
network
low complexity
apache netapp canonical debian fedoraproject opensuse oracle CWE-120
critical
 9.8
9.8
2020-08-05 CVE-2020-17353 scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
network
low complexity
lilypond fedoraproject debian opensuse
critical
 9.8
9.8
2020-07-28 CVE-2020-15900 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52.
network
low complexity
artifex canonical opensuse CWE-191
critical
 9.8
9.8
2020-07-23 CVE-2020-15917 common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
network
low complexity
claws-mail fedoraproject opensuse
critical
 9.8
9.8
2020-07-22 CVE-2020-6522 Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject
critical
 9.6
9.6
2020-07-14 CVE-2020-13753 Improper Input Validation vulnerability in multiple products
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl.
network
low complexity
wpewebkit webkitgtk fedoraproject debian canonical opensuse CWE-20
critical
 10.0
10