openSUSE Backports SLE vulnerabilities
325 known vulnerabilities affecting opensuse/backports_sle.
Total CVEs: 325
CISA KEV: 3 (actively exploited)
Public exploits: 8
Exploited in wild: 5
Severity breakdown: CRITICAL 27, HIGH 168, MEDIUM 129, LOW 1
Vulnerabilities
Page 3 of 17
CVE-2020-15229 | CRITICAL | CVSS 9.3 | CWE-22 | v15.0 | 2020-10-14
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs au
nvd
CVE-2020-26935 | CRITICAL | CVSS 9.8 | PoC | CWE-89 | v15.0 | 2020-10-10
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query.
nvd
CVE-2020-26934 | MEDIUM | CVSS 6.1 | CWE-79 | v15.0 | 2020-10-10
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
nvd
CVE-2020-11800 | CRITICAL | CVSS 9.8 | v15.0 | 2020-10-07
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
nvd
CVE-2020-26164 | MEDIUM | CVSS 5.5 | CWE-400 | v15.0 | 2020-10-07
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
nvd
CVE-2020-8228 | MEDIUM | CVSS 5.3 | CWE-840 | v15.0 | 2020-10-05
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled number of times.
nvd
CVE-2019-11556 | MEDIUM | CVSS 6.1 | CWE-79 | v15.0 | 2020-09-25
Pagure before 5.6 allows XSS via the templates/blame.html blame view.
nvd
CVE-2020-15961 | CRITICAL | CVSS 9.6 | v15.0 | 2020-09-21
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2020-6573 | CRITICAL | CVSS 9.6 | CWE-416 | v15.0 | 2020-09-21
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-15963 | CRITICAL | CVSS 9.6 | v15.0 | 2020-09-21
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2020-6574 | HIGH | CVSS 7.8 | v15.0 | 2020-09-21
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.
nvd
CVE-2020-15962 | HIGH | CVSS 8.8 | v15.0 | 2020-09-21
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2020-15964 | HIGH | CVSS 8.8 | CWE-20 | v15.0 | 2020-09-21
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6576 | HIGH | CVSS 8.8 | CWE-416 | v15.0 | 2020-09-21
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6575 | HIGH | CVSS 8.3 | CWE-362 | v15.0 | 2020-09-21
Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-15960 | HIGH | CVSS 8.8 | CWE-787 | v15.0 | 2020-09-21
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2020-15965 | HIGH | CVSS 8.8 | CWE-843 | v15.0 | 2020-09-21
Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2020-6570 | MEDIUM | CVSS 4.3 | CWE-200 | v15.0 | 2020-09-21
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.
nvd
CVE-2020-6566 | MEDIUM | CVSS 6.5 | v15.0 | 2020-09-21
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6558 | MEDIUM | CVSS 6.5 | CWE-79 | v15.0 | 2020-09-21
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd