Vulnerabilities > Suse > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-11 | CVE-2020-6402 | Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. | 8.8 |
| 2020-02-11 | CVE-2020-6398 | Use of Uninitialized Resource vulnerability in multiple products Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
| 2020-02-11 | CVE-2020-6390 | Out-of-bounds Write vulnerability in multiple products Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2020-02-11 | CVE-2020-6385 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 8.8 |
| 2020-02-11 | CVE-2020-6382 | Type Confusion vulnerability in multiple products Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2020-02-11 | CVE-2020-6381 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2020-01-27 | CVE-2017-14807 | SQL Injection vulnerability in Suse Studio Onsite and Susestudio-Ui-Server An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. | 8.1 |
| 2020-01-27 | CVE-2018-12476 | Path Traversal vulnerability in Suse Obs-Service-Tar SCM Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. | 7.5 |
| 2020-01-24 | CVE-2019-3694 | Link Following vulnerability in multiple products A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. | 7.8 |
| 2020-01-24 | CVE-2019-3693 | Link Following vulnerability in multiple products A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. | 7.8 |