Vulnerabilities > Opensuse > Leap > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-05-21 CVE-2020-6466 Use After Free vulnerability in multiple products
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6
2020-05-21 CVE-2020-6469 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google debian opensuse fedoraproject CWE-276
critical
 9.6
9.6
2020-05-21 CVE-2020-6471 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google fedoraproject opensuse debian CWE-276
critical
 9.6
9.6
2020-05-12 CVE-2020-12823 Classic Buffer Overflow vulnerability in multiple products
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
network
low complexity
infradead fedoraproject debian opensuse CWE-120
critical
 9.8
9.8
2020-05-04 CVE-2020-12640 Path Traversal vulnerability in multiple products
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
network
low complexity
roundcube opensuse CWE-22
critical
 9.8
9.8
2020-05-04 CVE-2020-12641 OS Command Injection vulnerability in multiple products
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
network
low complexity
roundcube opensuse CWE-78
critical
 9.8
9.8
2020-05-01 CVE-2020-10683 XXE vulnerability in multiple products
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks.
network
low complexity
dom4j-project oracle opensuse netapp canonical CWE-611
critical
 9.8
9.8
2020-04-30 CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
network
low complexity
saltstack opensuse debian canonical vmware
critical
 9.8
9.8
2020-04-27 CVE-2020-12268 Out-of-bounds Write vulnerability in multiple products
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
network
low complexity
artifex debian opensuse CWE-787
critical
 9.8
9.8
2020-04-23 CVE-2020-11945 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in Squid before 5.0.2.
network
low complexity
squid-cache debian opensuse fedoraproject canonical CWE-190
critical
 9.8
9.8