Vulnerabilities > Opensuse > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-13 CVE-2020-6440 Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
network
low complexity
google debian fedoraproject opensuse
4.3
4.3
2020-04-13 CVE-2020-6438 Information Exposure Through an Error Message vulnerability in multiple products
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
network
low complexity
google debian fedoraproject opensuse CWE-209
4.3
4.3
2020-04-13 CVE-2020-6437 Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.
network
low complexity
google debian fedoraproject opensuse
4.3
4.3
2020-04-13 CVE-2020-6435 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse
4.3
4.3
2020-04-13 CVE-2020-6433 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse
4.3
4.3
2020-04-13 CVE-2020-6432 Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse
4.3
4.3
2020-04-13 CVE-2020-6431 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse CWE-276
4.3
4.3
2020-04-10 CVE-2020-11669 An issue was discovered in the Linux kernel before 5.2 on the powerpc platform.
local
low complexity
linux redhat opensuse
5.5
5.5
2020-04-09 CVE-2020-8834 Race Condition vulnerability in multiple products
KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption.
local
low complexity
linux canonical opensuse CWE-362
6.5
6.5
2020-04-03 CVE-2019-18905 Insufficient Verification of Data Authenticity vulnerability in Opensuse Autoyast2 4.0.703.20.1/4.1.93.9.1
A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images.
network
high complexity
opensuse CWE-345
5.9
5.9