SusePackage Hub

39 matches found

added 2016/03/29 10:0 a.m. | 1026 views

CVE-2016-1646

Summary: CVE-2016-1646 affects Google Chrome’s V8 engine. The Array.prototype.concat implementation in V8/builtins.cc does not properly consider element data types, enabling a remote attacker to cause a denial of service (out-of-bounds read) via crafted JavaScript code. Affected software/versions...

CVSS 9.3 | AI score 8.7 | EPSS 0.4811
In wild

added 2019/12/10 9:1 p.m. | 642 views

CVE-2019-13734

CVE-2019-13734 describes an out-of-bounds write in the SQLite component used by Google Chrome/Chromium, enabling potential heap corruption via a crafted HTML page. Connected advisories confirm this affects Chrome/Chromium’s SQLite usage and note mitigations include updating to Chrome 79.0.3945.79...

CVSS 8.8 | AI score 8.6 | EPSS 0.04022

added 2019/07/23 1:19 p.m. | 528 views

CVE-2019-11709

CVE-2019-11709 involves memory safety bugs reported in Mozilla Firefox (67) and Firefox ESR (60.7). Some bugs show memory corruption and could potentially be exploited to run arbitrary code. Affected versions include Firefox ESR < 60.8, Firefox < 68, and Thunderbird

CVSS 9.8 | AI score 9.9 | EPSS 0.02349

added 2019/05/23 7:17 p.m. | 488 views

CVE-2019-5798

CVE-2019-5798: In Google Chrome, a lack of proper bounds checking in Skia allowed out-of-bounds memory read via a crafted HTML page. Affected product is Chrome (before 73.0.3683.75); root cause is insufficient bounds checking in Skia’s handling of HTML content. Impact stated: remote attacker coul...

CVSS 6.5 | AI score 6.6 | EPSS 0.03205

added 2020/02/11 2:42 p.m. | 332 views

CVE-2020-6404

CVE-2020-6404 is a heap-corruption/BLINK-related vulnerability in Google Chrome prior to 80.0.3987.87. Connected documents confirm that this flaw stems from an inappropriate Blink/WebKit implementation, enabling a remote attacker to potentially trigger heap corruption via a crafted HTML page. The...

CVSS 8.8 | AI score 7.7 | EPSS 0.02045

added 2019/07/23 1:16 p.m. | 316 views

CVE-2019-11730

CVE-2019-11730 describes a same-origin policy violation where opening a locally saved HTML file could allow file: URIs to access files in the same directory or subdirectories, enabling the Fetch API to read contents and potentially exfiltrate them. The issue affects Firefox ESR < 60.8, Firefox...

CVSS 6.5 | AI score 6.9 | EPSS 0.20271

added 2020/03/22 3:47 a.m. | 303 views

CVE-2020-10804

phpMyAdmin exposes a SQL injection in the retrieval of the current username. Affected versions are 4.x before 4.9.5 and 5.x before 5.0.2, with the flaw located in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php. An attacker with server access can craft a username to...

CVSS 8 | AI score 7.8 | EPSS 0.02694

added 2019/12/23 12:53 a.m. | 301 views

CVE-2019-19926

CVE-2019-19926 affects SQLite 3.30.1, where multiSelect in select.c mishandles certain parsing errors. Astra Linux notes an invalid pointer dereference triggered by ORDER BY constants in window definitions, due to an incomplete fix for CVE-2019-19880. This can cause a crash (denial of service) an...

CVSS 7.5 | AI score 8.2 | EPSS 0.06997

added 2019/12/18 5:7 a.m. | 295 views

CVE-2019-19880

CVE-2019-19880 affects SQLite 3.30.1. The issue arises in exprListAppendList in window.c, where constant integer values in ORDER BY clauses of window definitions are mishandled, allowing an attacker to trigger an invalid pointer dereference. This is described in multiple connected sources (Astra ...

CVSS 7.5 | AI score 7.8 | EPSS 0.06937

added 2020/02/11 2:42 p.m. | 293 views

CVE-2020-6392

CVE-2020-6392 describes an insufficient policy enforcement in the Extensions component of Chromium/Google Chrome, allowing an attacker who lures a user to install a crafted malicious extension to bypass navigation restrictions. Public advisories in connected documents indicate the issue affects C...

CVSS 4.3 | AI score 5.1 | EPSS 0.01481

added 2020/03/22 3:48 a.m. | 291 views

CVE-2020-10802

CVE-2020-10802 affects phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2. A SQL injection exists due to improper escaping of certain parameters when generating search queries in libraries/classes/Controllers/Table/TableSearchController.php, enabling an attacker to craft database/table names during...

CVSS 8 | AI score 7.9 | EPSS 0.02115

added 2020/02/11 2:42 p.m. | 289 views

CVE-2020-6408

CVE-2020-6408: The connected sources confirm an insufficient policy enforcement in CORS within Google Chrome/Chromium before version 80.0.3987.87. A local attacker could obtain potentially sensitive information by presenting a crafted HTML page, as described in multiple advisories (Debian, Arch ...

CVSS 6.5 | AI score 6 | EPSS 0.01624

added 2019/01/03 3:0 p.m. | 286 views

CVE-2018-16876

CVE-2018-16876 affects Ansible prior to versions 2.5.14, 2.6.11, and 2.7.5, exposing information via information disclosure in vvv+ mode when no_log is enabled. The issue is a data leakage vulnerability, confirmed across multiple advisories (e.g., RHSA-2019-0564/0590 and related distributions) an...

CVSS 5.3 | AI score 5 | EPSS 0.02462

added 2018/10/23 3:0 p.m. | 282 views

CVE-2018-16837

CVE-2018-16837 affects Ansible; the User module leaks data passed to ssh-keygen, enabling potential exposure of credentials (e.g., passphrases) visible in a process list for users with access. The connected documents confirm this information disclosure issue and note multiple vendor advisories/pa...

CVSS 7.8 | AI score 5.4 | EPSS 0.00354

added 2020/03/22 3:48 a.m. | 282 views

CVE-2020-10803

CVE-2020-10803 affects phpMyAdmin 4.x prior to 4.9.5 and 5.x prior to 5.0.2. The vulnerability is a SQL injection in which crafted data inserted into certain database tables can be retrieved (e.g., via Browse) to trigger an XSS attack in the output (tbl_get_field.php and libraries/classes/Display...

CVSS 5.4 | AI score 6.4 | EPSS 0.01593

added 2020/01/16 3:55 a.m. | 282 views

CVE-2020-7106

CVE-2020-7106 affects Cacti 1.2.8, with stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php; root cause is improper escaping/display of a raw string from the database (via $header). Public advisori...

CVSS 6.1 | AI score 6.7 | EPSS 0.02139
Web

added 2020/02/11 2:42 p.m. | 280 views

CVE-2020-6397

CVE-2020-6397 is described as an insecure sharing implementation in Google Chrome/Chromium that allows a remote attacker to spoof the security UI via a crafted HTML page. Public records among connected sources confirm this as a content spoofing issue in the sharing component of Chromium/Chrome up...

CVSS 6.5 | AI score 6.3 | EPSS 0.01915

added 2020/02/11 2:42 p.m. | 280 views

CVE-2020-6406

CVE-2020-6406 is a use-after-free in the audio component of Google Chrome prior to 80.0.3987.87, enabling a remote attacker to potentially trigger heap corruption via a crafted HTML page. Affected product: Chrome/Chromium audio handling. Root cause: use-after-free in the audio path. Impact: remot...

CVSS 8.8 | AI score 8.8 | EPSS 0.0185

added 2019/12/10 9:1 p.m. | 279 views

CVE-2019-13764

CVE-2019-13764 is a Chrome JIT/type-confusion vulnerability in TurboFan/V8 causing induction-variable type mis-evaluation (NaN handling) that could enable out-of-bounds/heap-unsafe behavior. Initial description notes a type confusion in Chrome before 79.0.3945.79, allowing remote heap corruption ...

CVSS 8.8 | AI score 8.4 | EPSS 0.06432

added 2020/02/11 2:42 p.m. | 279 views

CVE-2020-6416

CVE-2020-6416 affects Chromium-based Chromium/Google Chrome prior to 80.0.3987.87 in the streams component. The root cause is insufficient data validation in streams, enabling a remote attacker to potentially trigger heap corruption via a crafted HTML page. Public advisories (Debian, Arch Linux A...

CVSS 8.8 | AI score 8.3 | EPSS 0.0199

added 2020/02/11 2:42 p.m. | 278 views

CVE-2020-6398

CVE-2020-6398 affects Google Chrome/Chromium components where the PDFium library contains an uninitialized data usage, enabling potential heap corruption via a crafted PDF file. Public sources in the connected docs consistently reference a fix in version 80.0.3987.87 (and newer) for Chrome/Chromi...

CVSS 8.8 | AI score 8.4 | EPSS 0.01794

added 2018/07/13 10:0 p.m. | 273 views

CVE-2018-10875

CVE-2018-10875 affects Ansible where ansible.cfg is read from the current working directory, allowing an attacker to influence the plugin/module path and potentially execute arbitrary code. The issue arises because the CWD can be manipulated to point to controlled code. Red Hat/Ubuntu/openSUSE ad...

CVSS 7.8 | AI score 7.7 | EPSS 0.00587

added 2020/02/11 2:42 p.m. | 273 views

CVE-2020-6382

CVE-2020-6382 affects Chromium/Chrome before version 80.0.3987.87, caused by a type confusion in the v8 JavaScript engine. This vulnerability can enable a remote attacker to potentially execute arbitrary code through a crafted HTML page, with heap corruption as a possible consequence. Publicly re...

CVSS 8.8 | AI score 8.3 | EPSS 0.02259

added 2020/02/11 2:42 p.m. | 273 views

CVE-2020-6390

CVE-2020-6390 is an out-of-bounds read in the streams component of Google Chrome/Chromium before version 80.0.3987.87, enabling a remote attacker to potentially cause heap corruption via a crafted HTML page. Mitigation in the provided docs centers on upgrading Chromium/Chrome to 80.0.3987.87 or n...

CVSS 8.8 | AI score 8.5 | EPSS 0.03083

added 2020/02/11 2:42 p.m. | 273 views

CVE-2020-6393

CVE-2020-6393 affects Google Chrome/Chromium Blink up to version 80.0.3987.87, where insufficient policy enforcement in Blink allowed a remote attacker to leak cross-origin data via a crafted HTML page. The root cause is a policy enforcement flaw in Blink, leading to cross-origin data exposure. A...

CVSS 6.5 | AI score 6.2 | EPSS 0.01854

added 2020/02/11 2:42 p.m. | 272 views

CVE-2020-6415

CVE-2020-6415 is an implementation error in the JavaScript component of Chromium/Google Chrome prior to 80.0.3987.87 that could enable a remote attacker to trigger heap corruption via a crafted HTML page. The issue is documented across multiple connected advisories (Debian, Fedora, Gentoo, Arch L...

CVSS 8.8 | AI score 8.3 | EPSS 0.0199

added 2020/02/11 2:42 p.m. | 271 views

CVE-2020-6381

CVE-2020-6381 refers to an integer overflow in the JavaScript engine of Chromium/Google Chrome prior to 80.0.3987.87, enabling potential heap corruption via a crafted HTML page. Affected products include Chrome/Chromium on ChromeOS and Android. Root cause: integer overflow in the v8 JavaScript li...

CVSS 8.8 | AI score 8.4 | EPSS 0.02207

added 2020/02/11 2:42 p.m. | 271 views

CVE-2020-6396

CVE-2020-6396 corresponds to an inappropriate implementation in Skia used by Google Chrome before 80.0.3987.87, enabling a remote attacker to spoof the Omnibox (URL bar) via a crafted HTML page. Connected sources (Debian DSA-4638-1 and related advisories) confirm the issue resides in Skia and was...

CVSS 4.3 | AI score 4.7 | EPSS 0.01738

added 2019/12/10 9:1 p.m. | 263 views

CVE-2019-13745

CVE-2019-13745 affects Google Chrome (Chromium) prior to 79.0.3945.79. It is a policy enforcement error in the audio component that could allow a remote attacker to leak cross-origin data via a crafted HTML page. The entry lists the vulnerable condition and version range but does not provide expl...

CVSS 6.5 | AI score 6.2 | EPSS 0.01505

added 2020/02/11 2:42 p.m. | 262 views

CVE-2020-6394

Chromium vulnerability CVE-2020-6394 is a Blink policy enforcement bypass in Chrome/Chromium prior to 80.0.3987.87, allowing a remote attacker to bypass Content Security Policy via a crafted HTML page. Affected products: Chromium before 80.0.3987.87 (up to 80.0.3987.87-1 in some updates). Root ca...

CVSS 5.8 | AI score 5.6 | EPSS 0.0165

added 2019/12/24 3:43 p.m. | 261 views

CVE-2019-19923

CVE-2019-19923 affects SQLite 3.30.1, specifically the flattenSubquery path in select.c. The vulnerability arises when using SELECT DISTINCT with a LEFT JOIN where the right-hand side is a view, leading to a NULL pointer dereference or incorrect results. The connected documents consistently descr...

CVSS 7.5 | AI score 7.8 | EPSS 0.0681

added 2020/02/11 2:42 p.m. | 261 views

CVE-2020-6385

CVE-2020-6385 is a policy enforcement bypass in the Chromium/Google Chrome storage component reported to affect versions before 80.0.3987.87. The issue allows bypassing site isolation via a crafted HTML page, with remote attack potential and impact including information disclosure and UI/content ...

CVSS 8.8 | AI score 7.7 | EPSS 0.0226

added 2020/02/11 2:42 p.m. | 256 views

CVE-2020-6403

CVE-2020-6403 affects Google Chrome/Chromium Omnibox behavior. The issue is an incorrect Omnibox implementation on iOS prior to 80.0.3987.87, which could allow a remote attacker to spoof the Omnibox (URL bar) via a crafted HTML page. Impact described in connected advisories includes UI spoofing r...

CVSS 4.3 | AI score 4.5 | EPSS 0.01606

added 2019/12/24 4:3 p.m. | 245 views

CVE-2019-19925

CVE-2019-19925 concerns SQLite 3.30.1. The connected documents identify the vulnerable function as zipfileUpdate in ext/misc/zipfile.c, where a NULL pathname is mishandled during an update of a ZIP archive. The material does not provide additional technical details such as version ranges beyond S...

CVSS 7.5 | AI score 7.8 | EPSS 0.0681

added 2020/08/19 2:25 p.m. | 183 views

CVE-2020-24368

Summary: CVE-2020-24368 affects Icinga Web 2 (Icinga Web2) versions 2.0.0–2.6.4, 2.7.4 and 2.8.2, via a directory traversal vulnerability that allows access to arbitrary files readable by the web process. The issue is fixed in the same product series at versions 2.6.4, 2.7.4 and 2.8.2. Impact (as...

CVSS 7.5 | AI score 7.2 | EPSS 0.0328

added 2020/02/11 2:42 p.m. | 183 views

CVE-2020-6391

CVE-2020-6391 concerns Blink in Google Chrome. The vulnerability arises from insufficient validation of untrusted input in Blink, allowing a local attacker to bypass Content Security Policy via a specially crafted HTML page on Chrome versions prior to 80.0.3987.87. Affected product: Google Chrome...

CVSS 4.3 | AI score 4.8 | EPSS 0.01331

added 2020/02/11 2:42 p.m. | 183 views

CVE-2020-6400

CVE-2020-6400 refers to an inappropriate CORS implementation in Google Chrome prior to 80.0.3987.87, enabling a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability affects Chrome’s cross-origin resource sharing handling and is addressed by updating to Chrome 80.0....

CVSS 6.5 | AI score 6.2 | EPSS 0.02004

added 2020/02/11 2:42 p.m. | 180 views

CVE-2020-6402

CVE-2020-6402 affects Google Chrome on macOS (OS X) prior to 80.0.3987.87, where insufficient policy enforcement in downloads could let a user who installed a crafted Chrome Extension execute arbitrary code. The root cause is a policy enforcement flaw in the Downloads component, enabling code exe...

CVSS 8.8 | AI score 8.4 | EPSS 0.02662

added 2020/02/04 7:8 p.m. | 167 views

CVE-2019-15623

CVE-2019-15623 affects Nextcloud Server (notably up to 16.0.1 in the description). The issue is an information disclosure where, when the Lookup Server is disabled, the server leaks its domain and user IDs to the Nextcloud Lookup Server. This is classified as a privacy exposure with partial confi...

CVSS 5.3 | AI score 5.8 | EPSS 0.01924