Lucene search

K
OpensuseBackports Sle

326 matches found

CVE
CVE
added 2019/11/25 3:15 p.m.246 views

CVE-2019-13703

Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.6AI score0.0031EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.246 views

CVE-2019-13745

Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.0241EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.246 views

CVE-2020-6399

Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.01087EPSS
CVE
CVE
added 2020/05/21 4:15 a.m.246 views

CVE-2020-6486

Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5CVSS6.5AI score0.00968EPSS
CVE
CVE
added 2020/07/22 5:15 p.m.246 views

CVE-2020-6536

Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.

4.3CVSS5.1AI score0.01606EPSS
CVE
CVE
added 2020/05/21 4:15 a.m.244 views

CVE-2020-6468

Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.42466EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.243 views

CVE-2019-13706

Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

7.8CVSS7.8AI score0.00374EPSS
CVE
CVE
added 2020/01/16 4:15 a.m.243 views

CVE-2020-7106

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to t...

6.1CVSS6.7AI score0.04094EPSS
CVE
CVE
added 2019/09/19 2:15 p.m.242 views

CVE-2019-11779

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

6.5CVSS6.6AI score0.07123EPSS
CVE
CVE
added 2019/04/17 2:29 p.m.242 views

CVE-2019-9499

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection w...

8.1CVSS8AI score0.01603EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.241 views

CVE-2019-13699

Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01004EPSS
CVE
CVE
added 2019/10/08 7:15 p.m.241 views

CVE-2019-14846

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible module...

7.8CVSS7.3AI score0.00086EPSS
CVE
CVE
added 2020/03/27 8:15 p.m.241 views

CVE-2020-6095

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability...

7.5CVSS7.2AI score0.0053EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.241 views

CVE-2020-6412

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

5.8CVSS5.8AI score0.00574EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.240 views

CVE-2019-13702

Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.

7.8CVSS7.5AI score0.00185EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.239 views

CVE-2020-6394

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.

5.8CVSS5.6AI score0.01055EPSS
CVE
CVE
added 2019/02/06 9:29 p.m.238 views

CVE-2019-7548

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

7.8CVSS9AI score0.01109EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.238 views

CVE-2020-6385

Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.

8.8CVSS7.7AI score0.01399EPSS
CVE
CVE
added 2020/05/21 4:15 a.m.238 views

CVE-2020-6477

Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.

7.8CVSS7.6AI score0.00031EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.237 views

CVE-2019-13710

Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.00238EPSS
CVE
CVE
added 2019/04/17 2:29 p.m.237 views

CVE-2019-9494

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hos...

5.9CVSS6.5AI score0.01538EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.236 views

CVE-2020-6414

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

8.8CVSS7.7AI score0.00866EPSS
CVE
CVE
added 2020/10/16 6:15 a.m.235 views

CVE-2020-25829

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results ...

7.5CVSS7.1AI score0.00605EPSS
CVE
CVE
added 2019/05/23 8:29 p.m.234 views

CVE-2019-5802

Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.4AI score0.00223EPSS
CVE
CVE
added 2020/05/21 4:15 a.m.234 views

CVE-2020-6483

Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

6.5CVSS6.5AI score0.00694EPSS
CVE
CVE
added 2020/01/10 10:15 p.m.233 views

CVE-2019-13767

Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.07423EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.232 views

CVE-2020-6403

Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.5AI score0.01371EPSS
CVE
CVE
added 2020/03/31 5:15 p.m.230 views

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS c...

7.3CVSS6AI score0.00046EPSS
CVE
CVE
added 2019/12/24 4:15 p.m.230 views

CVE-2019-19923

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).

7.5CVSS7.8AI score0.13878EPSS
CVE
CVE
added 2020/05/21 4:15 a.m.229 views

CVE-2020-6490

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.

4.3CVSS5AI score0.01041EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.228 views

CVE-2019-13700

Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01168EPSS
CVE
CVE
added 2020/05/06 3:15 a.m.227 views

CVE-2020-12672

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.

7.5CVSS7.6AI score0.00357EPSS
CVE
CVE
added 2020/10/10 7:15 p.m.226 views

CVE-2020-26934

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

6.1CVSS7AI score0.03386EPSS
CVE
CVE
added 2019/02/08 11:29 a.m.224 views

CVE-2019-7635

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

8.1CVSS8.5AI score0.03385EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.223 views

CVE-2019-13717

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

4.3CVSS5AI score0.00319EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.223 views

CVE-2019-13719

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

4.3CVSS5AI score0.00496EPSS
CVE
CVE
added 2020/02/11 3:15 p.m.223 views

CVE-2020-6401

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

6.5CVSS6.4AI score0.00779EPSS
CVE
CVE
added 2020/02/20 4:15 p.m.223 views

CVE-2020-9273

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

9CVSS8.7AI score0.46795EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.222 views

CVE-2019-13716

Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.00231EPSS
CVE
CVE
added 2019/04/17 2:29 p.m.222 views

CVE-2019-9495

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful att...

4.3CVSS6.7AI score0.04562EPSS
CVE
CVE
added 2019/07/18 8:15 p.m.221 views

CVE-2019-13962

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

9.8CVSS9.3AI score0.0194EPSS
CVE
CVE
added 2019/12/24 5:15 p.m.220 views

CVE-2019-19925

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

7.5CVSS7.8AI score0.12247EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.219 views

CVE-2019-13709

Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

6.5CVSS6.2AI score0.0017EPSS
CVE
CVE
added 2020/03/27 1:15 p.m.219 views

CVE-2020-1772

It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0...

7.5CVSS6.9AI score0.0067EPSS
CVE
CVE
added 2019/04/17 2:29 p.m.218 views

CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaini...

8.1CVSS7.9AI score0.01603EPSS
CVE
CVE
added 2019/10/14 2:15 a.m.217 views

CVE-2019-17545

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

9.8CVSS9.3AI score0.01651EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.215 views

CVE-2019-13714

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL.

6.1CVSS6.2AI score0.00317EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.213 views

CVE-2019-13704

Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page.

4.3CVSS4.8AI score0.0017EPSS
CVE
CVE
added 2020/03/27 1:15 p.m.210 views

CVE-2020-1770

Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

4.3CVSS5.3AI score0.00415EPSS
CVE
CVE
added 2019/11/26 2:15 p.m.207 views

CVE-2019-14856

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None

6.5CVSS6.3AI score0.00326EPSS
Total number of security vulnerabilities326