Lucene search
K
OpensuseBackports Sle

326 matches found

CVE
CVE
added 2019/04/19 12:0 a.m.3063 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...

6.1CVSS6.4AI score0.87218EPSS
In wild
CVE
CVE
added 2018/11/07 5:0 a.m.2389 views

CVE-2018-19052

The CVE-2018-19052 issue affects lighttpd’s mod_alias_physical_handler (mod_alias.c): when a configured alias lacks a trailing '/' but the target path has one, there is potential directory traversal to the parent of the alias target. Public advisories confirm this vulnerability across multiple di...

7.5CVSS7.3AI score0.1408EPSS
CVE
CVE
added 2020/11/03 12:0 a.m.2122 views

CVE-2020-15999

CVE-2020-15999 corresponds to a heap-based buffer overflow in FreeType that can be triggered by crafted font/PNG data, potentially via a malicious HTML page, affecting freetype usage in Google Chrome before 86.0.4240.111. Public advisories describe the issue as a heap overflow in Load_SBit_Png an...

9.6CVSS7.1AI score0.5063EPSS
In wild
CVE
CVE
added 2020/11/03 2:21 a.m.1379 views

CVE-2020-16009

CVE-2020-16009 is a Google Chrome/Chromium V8 type-confusion vulnerability that could allow remote code execution via a crafted HTML page. Root cause: type confusion in V8 before 86.0.4240.183. Affected product family includes Google Chrome and other Chromium-based browsers; Debian security advis...

8.8CVSS8.6AI score0.48574EPSS
In wild
CVE
CVE
added 2020/07/22 4:16 p.m.1360 views

CVE-2020-6514

CVE-2020-6514 affects Google Chrome WebRTC data channel where an attacker in a privileged network position could trigger a memory corruption (heap) via a crafted SCTP stream. The initial description notes an inappropriate WebRTC implementation as the underlying cause, with the vulnerability explo...

6.5CVSS7.3AI score0.0779EPSS
CVE
CVE
added 2020/11/03 2:21 a.m.1292 views

CVE-2020-15969

CVE-2020-15969 is a use-after-free in WebRTC that was exploitable via a crafted HTML page, potentially causing heap corruption and arbitrary code execution. Connected Apple advisories (Safari 14.0.2, watchOS 7.2, tvOS 14.3) indicate this was addressed by Apple in respective security updates; appl...

8.8CVSS8.8AI score0.01705EPSS
CVE
CVE
added 2020/02/20 3:17 p.m.818 views

CVE-2020-9272

CVE-2020-9272 concerns ProFTPD 1.3.7 with an out-of-bounds read in the FTP server’s mod_cap component, triggered via the cap_to_text function in cap_text.c. The vulnerability is network‑based (remote attacker over the protocol) with no authentication required and could lead to information disclos...

7.5CVSS7.8AI score0.0211EPSS
CVE
CVE
added 2019/02/11 12:0 a.m.792 views

CVE-2019-5736

CVE-2019-5736 affects runc as shipped in Docker before 18.09.2 and other products, enabling a container to overwrite the host runc binary via /proc/self/exe and gain host root. Root cause: file-descriptor mishandling in runc leading to command execution as root inside a container. Affected versio...

9.3CVSS8.8AI score0.9857EPSS
In wild
CVE
CVE
added 2019/12/10 9:1 p.m.643 views

CVE-2019-13734

CVE-2019-13734 describes an out-of-bounds write in the SQLite component used by Google Chrome/Chromium, enabling potential heap corruption via a crafted HTML page. Connected advisories confirm this affects Chrome/Chromium’s SQLite usage and note mitigations include updating to Chrome 79.0.3945.79...

8.8CVSS8.6AI score0.04022EPSS
CVE
CVE
added 2020/05/04 2:58 p.m.624 views

CVE-2020-12641

Roundcube Webmail is affected by CVE-2020-12641 due to an injection vulnerability in rcube_image.php. The issue allows an attacker to execute arbitrary code by supplying shell metacharacters in configuration settings for im_convert_path or im_identify_path. The documented impact is remote code ex...

9.8CVSS9.5AI score0.84456EPSS
In wild
CVE
CVE
added 2019/07/16 12:0 a.m.471 views

CVE-2019-13616

CVE-2019-13616 affects SDL up to 1.2.15 and 2.x up to 2.0.9, with a heap-based buffer over-read in BlitNtoN (video/SDL_blit_N.c) invoked via SDL_SoftBlit (video/SDL_blit.c). Several connected advisories confirm the root issue is in SDL’s handling of image data (notably BMP loading) or surface cop...

8.1CVSS8.5AI score0.03299EPSS
CVE
CVE
added 2020/05/21 3:46 a.m.434 views

CVE-2020-6463

CVE-2020-6463 is a use-after-free in ANGLE (affecting Chrome up to version 81.x, per the CVE page). Connected advisories show the same CVE listed in Thunderbird/Firefox-related updates with fixes in 68.11.0 ESR lines and related Red Hat/CentOS advisories. Practical takeaway: to remediate, upgrade...

8.8CVSS9.1AI score0.02888EPSS
CVE
CVE
added 2020/04/13 5:31 p.m.420 views

CVE-2020-6447

CVE-2020-6447 describes an inappropriate implementation in the developer tools of Chromium/Google Chrome prior to 81.0.4044.92, which could allow a remote attacker who convinces a user to use DevTools to potentially exploit heap corruption via a crafted HTML page. Public sources (Arch Linux secur...

8.8CVSS8.3AI score0.01833EPSS
CVE
CVE
added 2019/07/26 3:15 a.m.414 views

CVE-2019-14274

CVE-2019-14274 affects MCPP 2.7.2, with a heap-based buffer overflow in do_msg() in support.c. This is shown across multiple connected advisories (e.g., MARINER, Red Hat, Gentoo GLSA). Impact cited as potential denial of service; no explicit exploit details provided. Remediation exists: upgrade t...

5.5CVSS5.5AI score0.01569EPSS
CVE
CVE
added 2020/08/30 1:55 p.m.379 views

CVE-2020-14352

CVE-2020-14352 : Librepo before 1.12.1 contains a directory traversal vulnerability due to inadequate sanitization of paths in remote repository metadata. An attacker hosting a remote repository could copy files outside the destination directory by crafting repository metadata/URLs, potentially e...

8.5CVSS7.5AI score0.02526EPSS
CVE
CVE
added 2019/11/22 8:32 p.m.364 views

CVE-2019-18622

phpMyAdmin before 4.9.2 is affected by CVE-2019-18622: a crafted database/table name can trigger SQL injection through the Designer feature. Public data in connected sources shows the vulnerability and indicates a security fix in phpMyAdmin 4.9.2 (PMASA-2019-5) with multiple advisories (openSUSE,...

9.8CVSS9.4AI score0.02579EPSS
CVE
CVE
added 2019/10/10 5:17 p.m.358 views

CVE-2019-17455

CVE-2019-17455 affects libntlm up to version 1.5, due to a fixed buffer size in tSmbNtlmAuthRequest/Challenge/Response that enables a stack-based over-read in buildSmbNtlmAuthRequest (NTLM crafted requests). Upstream fixes exist; Debian/Mageia/Fedora advisories show later packages patching this, ...

9.8CVSS9.2AI score0.03107EPSS
CVE
CVE
added 2020/06/03 6:41 p.m.352 views

CVE-2020-13379

CVE-2020-13379 is an SSRF/Incorrect Access Control flaw in Grafana avatar handling, affecting versions 3.0.1–7.0.1. An unauthenticated user can prompt Grafana to fetch arbitrary URLs and return the response, enabling network reconnaissance. Additionally, invalid URL handling could trigger a SegFa...

8.2CVSS8.1AI score0.99856EPSS
In wild
CVE
CVE
added 2020/07/22 4:16 p.m.350 views

CVE-2020-6519

CVE-2020-6519 is a policy bypass in the Content Security Policy (CSP) for Google Chrome, allowing a remote attacker to bypass CSP via a crafted HTML page in Chrome versions prior to 84.0.4147.89. Connected sources confirm public advisories and fixes across distributions: Debian notes a security u...

6.5CVSS6.7AI score0.1132EPSS
CVE
CVE
added 2020/01/03 10:35 p.m.346 views

CVE-2019-5845

CVE-2019-5845: Out-of-bounds access in SwiftShader within Google Chrome prior to 73.0.3683.75 can enable remote heap corruption via a crafted HTML page. The available documents confirm this vulnerability and its association with Chrome/SwiftShader, but do not provide additional exploit details, a...

6.5CVSS7AI score0.01395EPSS
CVE
CVE
added 2019/07/03 6:43 p.m.340 views

CVE-2019-5052

CVE-2019-5052 affects SDL2_image 2.0.4, where loading a PCX file can trigger an exploitable integer overflow, causing too little memory to be allocated and leading to a buffer overflow with potential code execution. The vulnerability is referenced in multiple advisories (e.g., Mageia MGASA-2019-0...

8.8CVSS8.7AI score0.04515EPSS
CVE
CVE
added 2020/02/11 2:42 p.m.334 views

CVE-2020-6404

CVE-2020-6404 is a heap-corruption/BLINK-related vulnerability in Google Chrome prior to 80.0.3987.87. Connected documents confirm that this flaw stems from an inappropriate Blink/WebKit implementation, enabling a remote attacker to potentially trigger heap corruption via a crafted HTML page. The...

8.8CVSS7.7AI score0.02045EPSS
CVE
CVE
added 2019/05/23 7:14 p.m.333 views

CVE-2019-5794

CVE-2019-5794 is a UI spoofing vulnerability reported in Chromium/Google Chrome before version 73.0.3683.75. The issue allows a remote attacker to achieve domain spoofing via a crafted HTML page. Public disclosures in connected sources confirm the affected product as Chromium/Chrome and reference...

6.5CVSS6.4AI score0.01125EPSS
CVE
CVE
added 2019/05/23 7:16 p.m.327 views

CVE-2019-5796

CVE-2019-5796 affects Chromium-based browsers (Chrome/Chromium) via the Extensions component. A race condition in Extensions before 73.0.3683.75 could be triggered remotely, with official advisories stating the vulnerability exists in Chromium’s Extensions and that upgrading to 73.0.3683.75 or ne...

7.5CVSS7.6AI score0.04674EPSS
CVE
CVE
added 2020/01/10 9:10 p.m.326 views

CVE-2020-6377

CVE-2020-6377 is a use-after-free in Chrome/Chromium’s audio path that could allow remote heap corruption via a crafted HTML page. Affected products: Google Chrome/Chromium prior to version 79.0.3945.117. Public advisories indicate fixes in later builds (e.g., Debian/Chromium updates to 79.0.3945...

8.8CVSS8.8AI score0.01453EPSS
CVE
CVE
added 2020/04/13 5:30 p.m.321 views

CVE-2020-6430

CVE-2020-6430 is a type confusion in the V8 JavaScript engine of Chromium/Google Chrome prior to 81.0.4044.92. A remote attacker could potentially cause heap corruption and execute arbitrary code. Mitigation: upgrade Chromium to 81.0.4044.92 or newer (upstream fix in 81.0.4044.92; Debian referenc...

8.8CVSS8.3AI score0.01896EPSS
CVE
CVE
added 2020/05/06 2:50 p.m.320 views

CVE-2020-12108

Summary: CVE-2020-12108 affects GNU Mailman prior to 2.1.31, allowing Arbitrary Content Injection via the /options/mailman page (and related login/archival areas per advisories). Affected software: Mailman 2.1.x series before 2.1.31. Root cause / vector: improper handling on the options/login pat...

6.5CVSS6.4AI score0.02698EPSS
CVE
CVE
added 2020/10/10 6:26 p.m.320 views

CVE-2020-26935

CVE-2020-26935 affects phpMyAdmin, where a SQL injection vulnerability exists in how the SearchController processes SQL statements in the search feature. Vulnerable when running phpMyAdmin versions prior to 4.9.6 and 5.x prior to 5.0.3. Successful exploitation could allow an attacker to inject ma...

9.8CVSS9.4AI score0.67081EPSS
CVE
CVE
added 2020/01/03 10:35 p.m.317 views

CVE-2019-5846

CVE-2019-5846 : Out-of-bounds access in SwiftShader used by Google Chrome prior to 73.0.3683.75 could allow a remote attacker to trigger heap corruption via a crafted HTML page. This vulnerability affects Chrome’s rendering/graphics stack (SwiftShader) and is described as a potential remote explo...

6.5CVSS7AI score0.01395EPSS
CVE
CVE
added 2020/04/13 5:30 p.m.316 views

CVE-2020-6423

CVE-2020-6423 affects Chromium/Google Chrome’s audio component. The Arch Linux ASA-202004-9 describes a use-after-free in the audio implementation prior to 81.0.4044.92, enabling a remote attacker to potentially execute arbitrary code. The issue is addressed upstream with version 81.0.4044.92 (Ch...

8.8CVSS8.8AI score0.01679EPSS
CVE
CVE
added 2020/04/13 5:30 p.m.315 views

CVE-2020-6434

CVE-2020-6434 is a use-after-free vulnerability in the Chrome/Chromium DevTools component, reported to affect Chromium before version 81.0.4044.92. The connected advisories attribute an arbitrary code execution impact to this issue, with upstream fixes released in the 81.0.4044.92 timeframe. Reme...

8.8CVSS8.8AI score0.01661EPSS
CVE
CVE
added 2020/07/22 4:16 p.m.314 views

CVE-2020-6524

CVE-2020-6524 : Heap buffer overflow in WebAudio affecting Google Chrome before 84.0.4147.89. A remote attacker could potentially exploit heap corruption via a crafted HTML page, leading to arbitrary code execution or crashes as described in multiple advisories. The issue is tied to Chrome’s WebA...

9.3CVSS8.9AI score0.02882EPSS
CVE
CVE
added 2020/04/13 5:30 p.m.313 views

CVE-2020-6444

CVE-2020-6444 affects Google Chrome/Chromium WebRTC: uninitialized variable in WebRTC implementation could enable heap corruption via a crafted HTML page. Connected advisories confirm the issue in Chrome prior to 81.0.4044.92 and list it alongside related CVEs in Chromium (CVE-2020-6423, CVE-2020...

6.8CVSS6.7AI score0.01351EPSS
CVE
CVE
added 2020/05/21 3:46 a.m.310 views

CVE-2020-6489

CVE-2020-6489 corresponds to an inappropriately implemented behavior in Google Chrome’s developer tools prior to 83.0.4103.61. The issue is described as an implementation error in the developer tools component, enabling a remote attacker who tricks a user into performing certain actions on a craf...

4.3CVSS4.8AI score0.01633EPSS
CVE
CVE
added 2019/07/14 9:0 p.m.309 views

CVE-2019-13602

CVE-2019-13602 affects VideoLAN VLC media player up to version 3.0.7.1. The vulnerability is an integer underflow in the function MP4_EIA608_Convert() (modules/demux/mp4/mp4.c) that can allow a remote attacker to cause a DoS via heap-based buffer overflow and crash or other unspecified impact thr...

7.8CVSS8.9AI score0.0209EPSS
CVE
CVE
added 2019/02/20 12:0 a.m.309 views

CVE-2019-7164

CVE-2019-7164 affects SQLAlchemy up to 1.2.17 and 1.3.x up to 1.3.0b2, allowing SQL Injection when the order_by parameter is controlled. The connected exploit repository (mlflow-cve-2019-7164) demonstrates a practical exploit pipeline using Docker/Hud and a Python test, indicating real-world appl...

9.8CVSS9.7AI score0.03525EPSS
CVE
CVE
added 2020/04/13 5:30 p.m.308 views

CVE-2020-6438

CVE-2020-6438 : A policy enforcement error in Chrome extensions prior to 81.0.4044.92 could allow a user-assisted attacker to obtain potentially sensitive information from process memory by convincing a user to install a crafted malicious extension. Affected software: Google Chrome (extensions su...

4.3CVSS4.9AI score0.01294EPSS
CVE
CVE
added 2020/01/02 2:23 p.m.307 views

CVE-2019-14864

The connected documents confirm CVE-2019-14864 affects Ansible, specifically versions 2.9.x before 2.9.1, 2.8.x before 2.8.7, and 2.7.x before 2.7.15. The root cause is that the no_log flag is not respected when Sumologic and Splunk callback plugins are used to send task results to collectors, le...

6.5CVSS6.4AI score0.01857EPSS
CVE
CVE
added 2020/08/05 12:55 p.m.307 views

CVE-2020-17353

CVE-2020-17353 affects LilyPond up to 2.20.0 and 2.21.x up to 2.21.4. When -dsafe is used, LilyPond does not restrict embedded-ps and embedded-svg, enabling execution of arbitrary PostScript/SVG content as demonstrated by vulnerable inputs. Publicly documented fixes across multiple distros includ...

9.8CVSS9.2AI score0.02371EPSS
CVE
CVE
added 2020/01/03 10:35 p.m.306 views

CVE-2019-5844

CVE-2019-5844 involves an out-of-bounds access in SwiftShader within Google Chrome/Chromium before 73.0.3683.75, enabling a remote attacker to potentially trigger heap corruption via a crafted HTML page. The entry does not indicate exploitation status. Affected tier: Chrome/Chromium in prior vers...

6.5CVSS7AI score0.01395EPSS
CVE
CVE
added 2020/04/24 12:37 p.m.306 views

CVE-2020-12137

CVE-2020-12137 affects GNU Mailman 2.x up to version 2.1.30. The root cause is using the .obj extension for scrubbed application/octet-stream MIME parts, which can trigger MIME sniffing and lead to XSS in list-archive visitors when HTTP replies lack a MIME type. The connected advisories indicate ...

6.1CVSS6.1AI score0.02288EPSS
CVE
CVE
added 2020/05/21 3:46 a.m.305 views

CVE-2020-6475

CVE-2020-6475 concerns Google Chrome/Chromium: an incorrect implementation in full screen mode allowed a remote attacker to spoof the security UI via a crafted HTML page. Affected versions prior to the fix were Chrome/Chromium releases up to 83.0.4103.61. The issue is categorized under content sp...

6.5CVSS6.5AI score0.01669EPSS
CVE
CVE
added 2020/07/22 4:16 p.m.305 views

CVE-2020-6525

CVE-2020-6525 : Heap buffer overflow in Skia used by Google Chrome prior to 84.0.4147.89. The vulnerability could allow remote code execution via a crafted HTML page due to heap corruption in Skia. Affected product/version: Google Chrome (Skia component) before 84.0.4147.89. Mitigation: upgrade C...

8.8CVSS8.9AI score0.01857EPSS
CVE
CVE
added 2020/04/13 5:31 p.m.304 views

CVE-2020-6451

CVE-2020-6451 is a use-after-free vulnerability in Chrome/Chromium’s WebAudio implementation, prior to version 80.0.3987.162. The issue can allow a remote attacker to potentially cause heap corruption and execute arbitrary code through a crafted HTML page. Public reports across multiple feeds (Ar...

8.8CVSS8.8AI score0.01453EPSS
CVE
CVE
added 2019/12/23 12:53 a.m.303 views

CVE-2019-19926

CVE-2019-19926 affects SQLite 3.30.1, where multiSelect in select.c mishandles certain parsing errors. Astra Linux notes an invalid pointer dereference triggered by ORDER BY constants in window definitions, due to an incomplete fix for CVE-2019-19880. This can cause a crash (denial of service) an...

7.5CVSS8.2AI score0.06997EPSS
CVE
CVE
added 2020/03/22 3:47 a.m.303 views

CVE-2020-10804

phpMyAdmin exposes a SQL injection in the retrieval of the current username. Affected versions are 4.x before 4.9.5 and 5.x before 5.0.2, with the flaw located in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php. An attacker with server access can craft a username to...

8CVSS7.8AI score0.02694EPSS
CVE
CVE
added 2020/05/19 4:4 p.m.303 views

CVE-2020-10995

PowerDNS Recursor (PowerDNS Recursor 4.1.0–4.3.0) is affected by CVE-2020-10995. A DNS-protocol issue allows an attacker to use recursive resolvers to amplify traffic toward third-party authoritative name servers, potentially degrading service. Mitigations exist in PowerDNS Recursor 4.1.16, 4.2.2...

7.5CVSS7.3AI score0.04372EPSS
CVE
CVE
added 2019/11/22 12:0 a.m.302 views

CVE-2019-10206

CVE-2019-10206 affects Ansible (various branches): 2.6.x pre-2.6.19, 2.7.x pre-2.7.13, 2.8.x pre-2.8.4. The flaw arises when prompting passwords by expanding templates, which could reveal passwords via templates/logs. Impact per sources includes potential exposure of credentials (confidentiality)...

6.5CVSS6.6AI score0.01503EPSS
CVE
CVE
added 2020/07/22 4:16 p.m.301 views

CVE-2020-6526

CVE-2020-6526 affects Google Chrome before 84.0.4147.89. An inappropriate implementation in the iframe sandbox could allow a remote attacker to bypass navigation restrictions via a crafted HTML page. Public references in Debian and FreeBSD advisories align with a fixed version around 84.0.4147.89...

6.5CVSS6.7AI score0.01709EPSS
CVE
CVE
added 2020/05/21 3:46 a.m.298 views

CVE-2020-6476

The CVE-2020-6476 entry concerns Google Chrome prior to 83.0.4103.61, where an insufficient policy enforcement in the tab strip could allow an attacker—who convinces a user to install a malicious extension—to bypass navigation restrictions via that extension. Affected component: tab strip policy ...

6.5CVSS6.7AI score0.0134EPSS
Total number of security vulnerabilities326