Vulnerabilities > Opensuse > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-09 | CVE-2020-10761 | Reachable Assertion vulnerability in multiple products An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. | 5.0 |
| 2020-06-08 | CVE-2020-13844 | Information Exposure Through Discrepancy vulnerability in multiple products Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." | 5.5 |
| 2020-06-08 | CVE-2020-13696 | Incorrect Authorization vulnerability in multiple products An issue was discovered in LinuxTV xawtv before 3.107. | 4.4 |
| 2020-06-08 | CVE-2020-12803 | Improper Input Validation vulnerability in multiple products ODF documents can contain forms to be filled out by the user. | 6.5 |
| 2020-06-08 | CVE-2020-12802 | LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. | 5.3 |
| 2020-06-04 | CVE-2020-13800 | Uncontrolled Recursion vulnerability in multiple products ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. | 6.0 |
| 2020-06-03 | CVE-2020-6495 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 6.5 |
| 2020-06-03 | CVE-2020-6494 | Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
| 2020-06-03 | CVE-2019-20810 | Memory Leak vulnerability in multiple products go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. | 5.5 |
| 2020-06-01 | CVE-2020-12867 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. | 5.5 |