Vulnerabilities > Opensuse > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-05-21 CVE-2020-13112 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in libexif before 0.6.22.
network
low complexity
libexif-project debian canonical opensuse CWE-125
critical
 9.1
9.1
2020-05-21 CVE-2020-6471 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google fedoraproject opensuse debian CWE-276
critical
 9.6
9.6
2020-05-21 CVE-2020-6469 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google debian opensuse fedoraproject CWE-276
critical
 9.6
9.6
2020-05-21 CVE-2020-6466 Use After Free vulnerability in multiple products
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6
2020-05-21 CVE-2020-6465 Use After Free vulnerability in multiple products
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6
2020-05-12 CVE-2020-12823 Classic Buffer Overflow vulnerability in multiple products
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
network
low complexity
infradead fedoraproject debian opensuse CWE-120
critical
 9.8
9.8
2020-05-04 CVE-2020-12641 OS Command Injection vulnerability in multiple products
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
network
low complexity
roundcube opensuse CWE-78
critical
 9.8
9.8
2020-05-04 CVE-2020-12640 Path Traversal vulnerability in multiple products
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
network
low complexity
roundcube opensuse CWE-22
critical
 9.8
9.8
2020-05-01 CVE-2020-10683 XXE vulnerability in multiple products
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks.
network
low complexity
dom4j-project oracle opensuse netapp canonical CWE-611
critical
 9.8
9.8
2020-04-30 CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
network
low complexity
saltstack opensuse debian canonical vmware
critical
 9.8
9.8