CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   

Opensuse » Backports Sle » 15.0 SP2 * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-26935 89 Sql 2020-10-10 2023-01-31
7.5
 None Remote Low Not required Partial Partial Partial
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
2 CVE-2020-26934 79 XSS 2020-10-10 2021-01-28
4.3
 None Remote Medium Not required None Partial None
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
3 CVE-2020-26164 400 DoS 2020-10-07 2023-01-31
4.9
 None Local Low Not required None None Complete
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
4 CVE-2020-25829 DoS 2020-10-16 2022-06-15
5.0
 None Remote Low Not required None None Partial
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).
5 CVE-2020-25032 22 Dir. Trav. 2020-08-31 2022-04-28
5.0
 None Remote Low Not required Partial None None
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
6 CVE-2020-24614 862 Exec Code 2020-08-25 2022-04-28
6.5
 None Remote Low ??? Partial Partial Partial
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
7 CVE-2020-17353 2020-08-05 2023-01-24
7.5
 None Remote Low Not required Partial Partial Partial
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
8 CVE-2020-16011 787 Overflow 2020-11-03 2021-03-11
6.8
 None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
9 CVE-2020-16009 787 2020-11-03 2023-06-06
6.8
 None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
10 CVE-2020-16008 787 Overflow 2020-11-03 2021-03-11
6.8
 None Remote Medium Not required Partial Partial Partial
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
11 CVE-2020-16007 20 2020-11-03 2021-07-21
4.6
 None Local Low Not required Partial Partial Partial
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
12 CVE-2020-16006 787 2020-11-03 2021-03-11
6.8
 None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
13 CVE-2020-16005 787 2020-11-03 2021-07-21
6.8
 None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14 CVE-2020-16004 416 2020-11-03 2021-07-21
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
15 CVE-2020-16003 416 2020-11-03 2021-07-21
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
16 CVE-2020-16002 416 2020-11-03 2021-07-21
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
17 CVE-2020-16001 416 2020-11-03 2021-07-21
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
18 CVE-2020-16000 787 2020-11-03 2021-03-17
6.8
 None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19 CVE-2020-15999 787 Overflow 2020-11-03 2022-01-28
4.3
 None Remote Medium Not required None None Partial
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
20 CVE-2020-15992 Bypass 2020-11-03 2021-02-24
6.8
 None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
21 CVE-2020-15991 416 2020-11-03 2021-03-17
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
22 CVE-2020-15990 416 2020-11-03 2021-03-17
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
23 CVE-2020-15989 665 +Info 2020-11-03 2021-07-21
4.3
 None Remote Medium Not required Partial None None
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
24 CVE-2020-15988 Exec Code 2020-11-03 2021-03-11
6.8
 None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
25 CVE-2020-15987 416 2020-11-03 2021-02-24
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
26 CVE-2020-15986 416 Overflow 2020-11-03 2021-07-21
4.3
 None Remote Medium Not required None None Partial
Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
27 CVE-2020-15985 2020-11-03 2021-02-24
4.3
 None Remote Medium Not required None Partial None
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
28 CVE-2020-15984 2020-11-03 2021-03-11
4.3
 None Remote Medium Not required None Partial None
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.
29 CVE-2020-15983 20 Bypass 2020-11-03 2021-03-11
4.4
 None Local Medium Not required Partial Partial Partial
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
30 CVE-2020-15982 +Info 2020-11-03 2021-03-11
4.3
 None Remote Medium Not required Partial None None
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
31 CVE-2020-15981 125 +Info 2020-11-03 2021-03-11
4.3
 None Remote Medium Not required Partial None None
Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
32 CVE-2020-15980 Bypass 2020-11-03 2021-03-11
4.6
 None Local Low Not required Partial Partial Partial
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.
33 CVE-2020-15979 2020-11-03 2021-07-21
6.8
 None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
34 CVE-2020-15978 20 Bypass 2020-11-03 2021-03-05
6.8
 None Remote Medium Not required Partial Partial Partial
Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
35 CVE-2020-15977 20 +Info 2020-11-03 2021-03-05
4.3
 None Remote Medium Not required Partial None None
Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
36 CVE-2020-15976 416 2020-11-03 2021-07-21
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
37 CVE-2020-15975 190 Overflow 2020-11-03 2021-07-21
6.8
 None Remote Medium Not required Partial Partial Partial
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
38 CVE-2020-15974 190 Overflow Bypass 2020-11-03 2021-01-30
6.8
 None Remote Medium Not required Partial Partial Partial
Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
39 CVE-2020-15973 Bypass 2020-11-03 2021-03-11
4.3
 None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.
40 CVE-2020-15972 416 2020-11-03 2021-07-21
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
41 CVE-2020-15971 416 2020-11-03 2021-03-11
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
42 CVE-2020-15970 416 2020-11-03 2021-03-11
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
43 CVE-2020-15969 416 2020-11-03 2021-07-21
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
44 CVE-2020-15968 416 2020-11-03 2021-01-30
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
45 CVE-2020-15967 416 2020-11-03 2021-03-11
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
46 CVE-2020-15966 +Info 2020-09-21 2021-03-04
4.3
 None Remote Medium Not required Partial None None
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
47 CVE-2020-15965 843 2020-09-21 2021-01-30
6.8
 None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
48 CVE-2020-15964 787 2020-09-21 2021-07-21
6.8
 None Remote Medium Not required Partial Partial Partial
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
49 CVE-2020-15963 2020-09-21 2021-01-29
6.8
 None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
50 CVE-2020-15962 2020-09-21 2021-01-29
6.8
 None Remote Medium Not required Partial Partial Partial
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Total number of vulnerabilities : 118   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.