Opensuse Backports_sle
329 CVEs affecting Opensuse Backports_sle. Latest disclosed: 2022-09-07. Critical: 26, High: 169.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-26935 | Critical | 9.8 | 2020-10-10 | An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin pro… |
| CVE-2020-11800 | Critical | 9.8 | 2020-10-07 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. |
| CVE-2020-17353 | Critical | 9.8 | 2020-08-05 | scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg… |
| CVE-2020-15917 | Critical | 9.8 | 2020-07-23 | common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. |
| CVE-2020-12641 | Critical | 9.8 | 2020-05-04 | rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert… |
| CVE-2020-12640 | Critical | 9.8 | 2020-05-04 | Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. |
| CVE-2020-8955 | Critical | 9.8 | 2020-02-12 | irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application… |
| CVE-2019-18622 | Critical | 9.8 | 2019-11-22 | An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. |
| CVE-2019-17545 | Critical | 9.8 | 2019-10-14 | GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. |
| CVE-2019-17455 | Critical | 9.8 | 2019-10-10 | Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demons… |
| CVE-2019-13962 | Critical | 9.8 | 2019-07-18 | lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly val… |
| CVE-2019-9215 | Critical | 9.8 | 2019-02-28 | In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. |
| CVE-2019-7164 | Critical | 9.8 | 2019-02-20 | SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. |
| CVE-2020-16011 | Critical | 9.6 | 2020-11-03 | Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially… |
| CVE-2020-15999 | Critical | 9.6 | 2020-11-03 | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pa… |
| CVE-2020-6573 | Critical | 9.6 | 2020-09-21 | Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially pe… |
| CVE-2020-15963 | Critical | 9.6 | 2020-09-21 | Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension… |
| CVE-2020-15961 | Critical | 9.6 | 2020-09-21 | Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension… |
| CVE-2020-6522 | Critical | 9.6 | 2020-07-22 | Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox es… |
| CVE-2020-6471 | Critical | 9.6 | 2020-05-21 | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious exten… |