Opensuse Leap vulnerabilities
1,896 known vulnerabilities affecting opensuse/leap.
Total CVEs
1,896
CISA KEV
18
actively exploited
Public exploits
51
Exploited in wild
19
Severity breakdown
CRITICAL202HIGH798MEDIUM803LOW93
Vulnerabilities
Page 6 of 95
CVE-2020-6575HIGHCVSS 8.3v15.1v15.22020-09-21
CVE-2020-6575 [HIGH] CWE-362 CVE-2020-6575: Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised t
Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2020-15960HIGHCVSS 8.8v15.1v15.22020-09-21
CVE-2020-15960 [HIGH] CWE-787 CVE-2020-15960: Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2020-15965HIGHCVSS 8.8v15.1v15.22020-09-21
CVE-2020-15965 [HIGH] CWE-843 CVE-2020-15965: Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentiall
Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2020-6570MEDIUMCVSS 4.3v15.1v15.22020-09-21
CVE-2020-6570 [MEDIUM] CWE-200 CVE-2020-6570: Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to ob
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.
nvd
CVE-2020-6566MEDIUMCVSS 6.5v15.1v15.22020-09-21
CVE-2020-6566 [MEDIUM] CVE-2020-6566: Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote att
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6558MEDIUMCVSS 6.5v15.1v15.22020-09-21
CVE-2020-6558 [MEDIUM] CWE-79 CVE-2020-6558: Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a re
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6563MEDIUMCVSS 6.5v15.1v15.22020-09-21
CVE-2020-6563 [MEDIUM] CVE-2020-6563: Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
nvd
CVE-2020-15959MEDIUMCVSS 4.3v15.1v15.22020-09-21
CVE-2020-15959 [MEDIUM] CVE-2020-15959: Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an att
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.
nvd
CVE-2020-6562MEDIUMCVSS 6.5v15.1v15.22020-09-21
CVE-2020-6562 [MEDIUM] CWE-79 CVE-2020-6562: Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote att
Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6568MEDIUMCVSS 6.5v15.1v15.22020-09-21
CVE-2020-6568 [MEDIUM] CVE-2020-6568: Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-6571MEDIUMCVSS 4.3v15.1v15.22020-09-21
CVE-2020-6571 [MEDIUM] CWE-20 CVE-2020-6571: Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote atta
Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2020-6564MEDIUMCVSS 6.5v15.1v15.22020-09-21
CVE-2020-6564 [MEDIUM] CWE-281 CVE-2020-6564: Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.
nvd
CVE-2020-15966MEDIUMCVSS 4.3v15.1v15.22020-09-21
CVE-2020-15966 [MEDIUM] CVE-2020-15966: Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an att
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
nvd
CVE-2020-6561MEDIUMCVSS 6.5v15.1v15.22020-09-21
CVE-2020-6561 [MEDIUM] CVE-2020-6561: Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allow
Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6560MEDIUMCVSS 6.5v15.1v15.22020-09-21
CVE-2020-6560 [MEDIUM] CVE-2020-6560: Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote
Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2020-6565MEDIUMCVSS 6.5v15.1v15.22020-09-21
CVE-2020-6565 [MEDIUM] CVE-2020-6565: Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remo
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2020-6569MEDIUMCVSS 6.3v15.1v15.22020-09-21
CVE-2020-6569 [MEDIUM] CWE-190 CVE-2020-6569: Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6567MEDIUMCVSS 6.5v15.1v15.22020-09-21
CVE-2020-6567 [MEDIUM] CWE-20 CVE-2020-6567: Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prio
Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2020-8252HIGHCVSS 7.8v15.22020-09-18
CVE-2020-8252 [HIGH] CWE-120 CVE-2020-8252: The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incor
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
nvd
CVE-2020-8201HIGHCVSS 7.4v15.22020-09-18
CVE-2020-8201 [HIGH] CWE-444 CVE-2020-8201: Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due t
nvd