Latest openSUSE Backports Vulnerabilities

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring....
Cobbler Project Cobbler<3.3.1
openSUSE Factory
Opensuse Backports=sle-15-sp3
Opensuse Backports=sle-15-sp4
SUSE Linux Enterprise Server=11-sp3
SUSE Linux Enterprise Server=12
and 5 more
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
debian/uriparser
Uriparser Project Uriparser<0.9.6
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 5 more
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
debian/uriparser
Uriparser Project Uriparser<0.9.6
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
and 5 more
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
Zabbix Zabbix<=3.0.31
Zabbix Zabbix>=4.0.0<=4.0.21
Zabbix Zabbix>=4.4<=4.4.9
Zabbix Zabbix>=5.0.0<=5.0.1
Zabbix Zabbix=3.0.32-rc1
Zabbix Zabbix=4.0.22
and 12 more
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.
Chocolate-doom Chocolate Doom=3.0.0
Chocolate-doom Crispy Doom=5.8.0
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.1
openSUSE Leap=15.2
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox esc...
Google Chrome<83.0.4103.97
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.1
debian/chromium
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML...
Google Chrome<83.0.4103.97
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.1
debian/chromium
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.
Google Chrome<81.0.4044.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google Chrome<81.0.4044.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
Google Chrome<81.0.4044.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML...
Google Chrome<81.0.4044.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Google Chrome<81.0.4044.92
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Opensuse Backports=sle-15-sp1
and 2 more
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google Chrome<80.0.3987.162
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.1
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Google Chrome<81.0.4044.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Google Chrome<81.0.4044.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.
Google Chrome<81.0.4044.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information ...
Google Chrome<81.0.4044.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
Google Chrome<81.0.4044.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted ...
Google Chrome<81.0.4044.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Google Chrome<81.0.4044.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
Google Chrome<81.0.4044.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Google Chrome<81.0.4044.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
and 3 more
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
Graphicsmagick Graphicsmagick<1.3.35
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.1
and 5 more
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted C...
redhat/chromium-browser<80.0.3987.149
Google Chrome<80.0.3987.149
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 3 more
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
<2.6.100.1
Microsoft Windows
<2.8.100.1
Linux Linux kernel
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.1
and 4 more
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
Nextcloud Nextcloud Server<14.0.11
Nextcloud Nextcloud Server>=15.0.0<15.0.8
Opensuse Backports=sle-15-sp1
SUSE SUSE Linux Enterprise Server=12
A bug in Nextcloud Server 17.0.1 causes the behaviour of workflow rules to depend on the file extension when checking file mimetypes.
Nextcloud Nextcloud Server<15.0.14
Nextcloud Nextcloud Server>=16.0.0<16.0.7
Nextcloud Nextcloud Server>=17.0.0<17.0.2
Opensuse Backports=sle-15-sp1
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operat...
Apt-cacher-ng Project Apt-cacher-ng<3.1-lp151.3.3.1
openSUSE Leap=15.1
Opensuse Backports=sle-15-sp1
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via T...
debian/apt-cacher-ng
Apt-cacher-ng Project Apt-cacher-ng<=3.3
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Opensuse Backports=sle-15-sp1
and 1 more
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
GNU LibreDWG=0.9.3.2564
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.1
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
Upx Project Upx=3.95
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.1
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
Graphicsmagick Graphicsmagick=1.4-2019-04-23
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.1
and 5 more
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
Graphicsmagick Graphicsmagick=1.4-2019-12-08
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.1
and 5 more
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
Graphicsmagick Graphicsmagick=1.4-2019-04-03
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.1
and 5 more
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
redhat/chromium-browser<79.0.3945.79
Google Chrome<79.0.3945.79
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 7 more
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FA...
Shadowsocks Shadowsocks-libev=3.3.2
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.1
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Google Chrome<78.0.3904.70
Opensuse Backports=sle-15-sp1
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Google Chrome<78.0.3904.70
Opensuse Backports=sle-15-sp1
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.
Google Chrome<78.0.3904.70
Opensuse Backports=sle-15-sp1
Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted C...
Google Chrome<78.0.3904.70
Opensuse Backports=sle-15-sp1
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...
Google Chrome<78.0.3904.108
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Opensuse Backports=sle-15
Redhat Enterprise Linux Desktop=6.0
Redhat Enterprise Linux Server=6.0
and 2 more
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. Reference: https://github.com/ImageMagick/ImageMagick/issues/1531 ...
IBM Data Risk Manager<=2.0.6
ImageMagick ImageMagick=7.0.8-35
Opensuse Backports=sle-15
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.0
openSUSE Leap=15.1
and 17 more
An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than ...
Schismtracker Schism Tracker<=20190722
Opensuse Backports=sle-15
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.0
openSUSE Leap=15.1
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to...
PowerDNS Authoritative>=4.0.0<4.0.8
PowerDNS Authoritative>=4.1.0<4.1.9
PowerDNS Authoritative=4.1.0
Opensuse Backports=sle-15
Opensuse Backports=sle-15-sp1
openSUSE Leap=15.0
and 1 more
Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Google Chrome<75.0.3770.80
Opensuse Backports=sle-15
openSUSE Leap=15.0
openSUSE Leap=15.1
openSUSE Leap=42.3
Debian Debian Linux=10.0
and 3 more
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.
Google Chrome<75.0.3770.80
Google Android
Debian Debian Linux=10.0
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Opensuse Backports=sle-15
and 4 more
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs v...
Google Chrome<75.0.3770.80
Opensuse Backports=sle-15
openSUSE Leap=15.0
openSUSE Leap=15.1
openSUSE Leap=42.3
Fedoraproject Fedora=29
and 3 more
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Google Chrome<75.0.3770.80
Apple iPhone OS
Debian Debian Linux=10.0
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Opensuse Backports=sle-15
and 4 more
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Google Chrome<75.0.3770.80
Opensuse Backports=sle-15
openSUSE Leap=15.0
openSUSE Leap=15.1
openSUSE Leap=42.3
Debian Debian Linux=10.0
and 3 more
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google Chrome<75.0.3770.80
Opensuse Backports=sle-15
openSUSE Leap=15.0
openSUSE Leap=15.1
openSUSE Leap=42.3
Debian Debian Linux=10.0
and 3 more
