This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Opensuse First view 2019-02-08
Product Backports Sle Last view 2020-11-03
Version 15.0 Type Application
Update sp1  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:opensuse:backports_sle

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2020-11-03 CVE-2020-16009

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-11-03 CVE-2020-16008

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.

7.8 2020-11-03 CVE-2020-16007

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

8.8 2020-11-03 CVE-2020-16006

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-11-03 CVE-2020-16005

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 2020-11-03 CVE-2020-16004

Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7.5 2020-10-16 CVE-2020-25829

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).

9.8 2020-10-10 CVE-2020-26935

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.

6.1 2020-10-10 CVE-2020-26934

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

5.5 2020-10-07 CVE-2020-26164

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.

9.8 2020-10-07 CVE-2020-11800

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

5.3 2020-10-05 CVE-2020-8228

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.

8.8 2020-09-21 CVE-2020-6576

Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.3 2020-09-21 CVE-2020-6575

Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6 2020-09-21 CVE-2020-6573

Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

4.3 2020-09-21 CVE-2020-6571

Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

4.3 2020-09-21 CVE-2020-6570

Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.

6.3 2020-09-21 CVE-2020-6569

Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

6.5 2020-09-21 CVE-2020-6566

Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5 2020-09-21 CVE-2020-6564

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.

6.5 2020-09-21 CVE-2020-6562

Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5 2020-09-21 CVE-2020-6561

Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5 2020-09-21 CVE-2020-6560

Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

8.8 2020-09-21 CVE-2020-6559

Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

4.3 2020-09-21 CVE-2020-15966

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
28% (28) CWE-787 Out-of-bounds Write
11% (11) CWE-416 Use After Free
7% (7) CWE-276 Incorrect Default Permissions
7% (7) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
6% (6) CWE-20 Improper Input Validation
4% (4) CWE-770 Allocation of Resources Without Limits or Throttling
4% (4) CWE-200 Information Exposure
4% (4) CWE-125 Out-of-bounds Read
3% (3) CWE-287 Improper Authentication
3% (3) CWE-190 Integer Overflow or Wraparound
2% (2) CWE-362 Race Condition
2% (2) CWE-203 Information Exposure Through Discrepancy
2% (2) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
2% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (1) CWE-755 Improper Handling of Exceptional Conditions
1% (1) CWE-754 Improper Check for Unusual or Exceptional Conditions
1% (1) CWE-668 Exposure of Resource to Wrong Sphere
1% (1) CWE-532 Information Leak Through Log Files
1% (1) CWE-476 NULL Pointer Dereference
1% (1) CWE-415 Double Free
1% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (1) CWE-307 Improper Restriction of Excessive Authentication Attempts
1% (1) CWE-281 Improper Preservation of Permissions
1% (1) CWE-209 Information Exposure Through an Error Message
1% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...

Snort® IPS/IDS

Date Description
2021-02-02 Grafana Labs Grafana denial of service attempt
RuleID : 56822 - Type : SERVER-WEBAPP - Revision : 3
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53533 - Type : BROWSER-CHROME - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2019-0843 attack attempt
RuleID : 50270 - Type : FILE-IMAGE - Revision : 2
2020-12-05 TRUFFLEHUNTER TALOS-2019-0843 attack attempt
RuleID : 50269 - Type : FILE-IMAGE - Revision : 2
2019-03-19 Multiple products runc arbitrary code execution attempt
RuleID : 49195 - Type : SERVER-OTHER - Revision : 2