Summary
| Detail | |||
|---|---|---|---|
| Vendor | Opensuse | First view | 2019-03-13 |
| Product | Backports Sle | Last view | 2020-11-03 |
| Version | 15.0 | Type | Application |
| Update | sp2 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:opensuse:backports_sle | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.5 | 2020-11-03 | CVE-2020-6557 | Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-16009 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-16008 | Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. |
| 7.8 | 2020-11-03 | CVE-2020-16007 | Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. |
| 8.8 | 2020-11-03 | CVE-2020-16006 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-16005 | Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-16004 | Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-16003 | Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-16002 | Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
| 8.8 | 2020-11-03 | CVE-2020-16001 | Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-16000 | Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 9.6 | 2020-11-03 | CVE-2020-15999 | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15992 | Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15991 | Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15990 | Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| 5.5 | 2020-11-03 | CVE-2020-15989 | Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. |
| 8.8 | 2020-11-03 | CVE-2020-15987 | Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream. |
| 6.5 | 2020-11-03 | CVE-2020-15986 | Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 6.5 | 2020-11-03 | CVE-2020-15985 | Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. |
| 7.8 | 2020-11-03 | CVE-2020-15983 | Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. |
| 6.5 | 2020-11-03 | CVE-2020-15982 | Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| 6.5 | 2020-11-03 | CVE-2020-15981 | Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15979 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15975 | Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 8.8 | 2020-11-03 | CVE-2020-15974 | Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 34% (30) | CWE-787 | Out-of-bounds Write |
| 21% (19) | CWE-416 | Use After Free |
| 5% (5) | CWE-190 | Integer Overflow or Wraparound |
| 5% (5) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 3% (3) | CWE-200 | Information Exposure |
| 3% (3) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 3% (3) | CWE-20 | Improper Input Validation |
| 2% (2) | CWE-362 | Race Condition |
| 2% (2) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 1% (1) | CWE-755 | Improper Handling of Exceptional Conditions |
| 1% (1) | CWE-476 | NULL Pointer Dereference |
| 1% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 1% (1) | CWE-319 | Cleartext Transmission of Sensitive Information |
| 1% (1) | CWE-307 | Improper Restriction of Excessive Authentication Attempts |
| 1% (1) | CWE-295 | Certificate Issues |
| 1% (1) | CWE-281 | Improper Preservation of Permissions |
| 1% (1) | CWE-276 | Incorrect Default Permissions |
| 1% (1) | CWE-209 | Information Exposure Through an Error Message |
| 1% (1) | CWE-203 | Information Exposure Through Discrepancy |
| 1% (1) | CWE-125 | Out-of-bounds Read |
| 1% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 1% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 1% (1) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
| 1% (1) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2021-02-02 | Grafana Labs Grafana denial of service attempt RuleID : 56822 - Type : SERVER-WEBAPP - Revision : 3 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56133 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56132 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56131 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56130 - Type : BROWSER-CHROME - Revision : 2 |
