openSUSE Backports vulnerabilities

96 known vulnerabilities affecting opensuse/backports.

Total CVEs: 96
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 39, MEDIUM 49

Vulnerabilities

Page 1 of 5
CVE-2021-45082 | HIGH | CVSS 7.8 | vsle-15 | 2022-02-19
CVE-2021-45082 [HIGH] CWE-77: An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
nvd
CVE-2021-46142 | MEDIUM | CVSS 5.5 | vsle-15 | 2022-01-06
CVE-2021-46142 [MEDIUM] CWE-416: An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
nvd
CVE-2021-46141 | MEDIUM | CVSS 5.5 | vsle-15 | 2022-01-06
CVE-2021-46141 [MEDIUM] CWE-416: An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
nvd
CVE-2020-15803 | MEDIUM | CVSS 6.1 | PoC | vsle-15 | 2020-07-17
CVE-2020-15803 [MEDIUM] CWE-79: Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
nvd
CVE-2020-14983 | CRITICAL | CVSS 9.8 | vsle-15 | 2020-06-22
CVE-2020-14983 [CRITICAL] CWE-120: The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.
nvd
CVE-2020-6493 | CRITICAL | CVSS 9.6 | vsle-15 | 2020-06-03
CVE-2020-6493 [CRITICAL] CWE-416: Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-6495 | MEDIUM | CVSS 6.5 | vsle-15 | 2020-06-03
CVE-2020-6495 [MEDIUM] CWE-276: Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2020-6439 | HIGH | CVSS 8.8 | vsle-15 | 2020-04-13
CVE-2020-6439 [HIGH] CWE-276: Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
nvd
CVE-2020-6452 | HIGH | CVSS 8.8 | vsle-15 | 2020-04-13
CVE-2020-6452 [HIGH] CWE-787: Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6455 | HIGH | CVSS 8.8 | vsle-15 | 2020-04-13
CVE-2020-6455 [HIGH] CWE-125: Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6443 | HIGH | CVSS 8.8 | vsle-15 | 2020-04-13
CVE-2020-6443 [HIGH] CWE-345: Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.
nvd
CVE-2020-6433 | MEDIUM | CVSS 4.3 | vsle-15 | 2020-04-13
CVE-2020-6433 [MEDIUM]: Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6441 | MEDIUM | CVSS 4.3 | vsle-15 | 2020-04-13
CVE-2020-6441 [MEDIUM] CWE-276: Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
nvd
CVE-2020-6446 | MEDIUM | CVSS 6.5 | vsle-15 | 2020-04-13
CVE-2020-6446 [MEDIUM] CWE-276: Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2020-6431 | MEDIUM | CVSS 4.3 | vsle-15 | 2020-04-13
CVE-2020-6431 [MEDIUM] CWE-276: Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2020-6435 | MEDIUM | CVSS 4.3 | vsle-15 | 2020-04-13
CVE-2020-6435 [MEDIUM]: Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6440 | MEDIUM | CVSS 4.3 | vsle-15 | 2020-04-13
CVE-2020-6440 [MEDIUM]: Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
nvd
CVE-2020-6456 | MEDIUM | CVSS 6.5 | vsle-15 | 2020-04-13
CVE-2020-6456 [MEDIUM] CWE-276: Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.
nvd
CVE-2020-6432 | MEDIUM | CVSS 4.3 | vsle-15 | 2020-04-13
CVE-2020-6432 [MEDIUM]: Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6437 | MEDIUM | CVSS 4.3 | vsle-15 | 2020-04-13
CVE-2020-6437 [MEDIUM]: Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.
nvd