Vulnerabilities > Opensuse > Leap > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-21 CVE-2020-6556 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse CWE-787
8.8
8.8
2020-09-21 CVE-2020-15965 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-843
8.8
8.8
2020-09-21 CVE-2020-15964 NULL Pointer Dereference vulnerability in multiple products
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google opensuse fedoraproject debian CWE-476
8.8
8.8
2020-09-21 CVE-2020-15962 Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
network
low complexity
google opensuse fedoraproject debian
8.8
8.8
2020-09-21 CVE-2020-15960 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
network
low complexity
google opensuse fedoraproject debian CWE-787
8.8
8.8
2020-09-18 CVE-2020-8252 Classic Buffer Overflow vulnerability in multiple products
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
local
low complexity
nodejs opensuse fedoraproject CWE-120
7.8
7.8
2020-09-18 CVE-2020-8201 HTTP Request Smuggling vulnerability in multiple products
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users.
network
high complexity
nodejs opensuse fedoraproject CWE-444
7.4
7.4
2020-09-17 CVE-2020-0432 Integer Overflow or Wraparound vulnerability in multiple products
In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow.
local
low complexity
google opensuse CWE-190
7.8
7.8
2020-09-16 CVE-2020-25040 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
network
low complexity
sylabs opensuse CWE-668
8.8
8.8
2020-09-16 CVE-2020-25039 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
network
low complexity
sylabs opensuse CWE-668
8.1
8.1