Every CVE whose affected-product data names Opensuse Backports, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (97)
CVE-2019-19951 — CVSS 9.8 (critical): In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
CVE-2020-10938 — CVSS 9.8 (critical): GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
CVE-2018-20177 — CVSS 9.8 (critical): rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function…
CVE-2019-19950 — CVSS 9.8 (critical): In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
CVE-2020-14983 — CVSS 9.8 (critical): The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer…
CVE-2020-6493 — CVSS 9.6 (critical): Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer…
CVE-2019-19953 — CVSS 9.1 (critical): In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
CVE-2019-5829 — CVSS 8.8 (high): Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds…
CVE-2020-6443 — CVSS 8.8 (high): Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user…
CVE-2019-5831 — CVSS 8.8 (high): Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5816 — CVSS 8.8 (high): Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an…
CVE-2019-5813 — CVSS 8.8 (high): Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted…
CVE-2020-6439 — CVSS 8.8 (high): Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a…
CVE-2019-5836 — CVSS 8.8 (high): Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5811 — CVSS 8.8 (high): Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy…
CVE-2019-13730 — CVSS 8.8 (high): Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5787 — CVSS 8.8 (high): Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap…
CVE-2019-5788 — CVSS 8.8 (high): An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote…
CVE-2019-5789 — CVSS 8.8 (high): An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker…
CVE-2019-5790 — CVSS 8.8 (high): An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote…
CVE-2019-5791 — CVSS 8.8 (high): Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read…
CVE-2019-5792 — CVSS 8.8 (high): Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory…
CVE-2019-11328 — CVSS 8.8 (high): An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could…
CVE-2019-5795 — CVSS 8.8 (high): Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory…
CVE-2020-6455 — CVSS 8.8 (high): Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6452 — CVSS 8.8 (high): Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2019-13723 — CVSS 8.8 (high): Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process…
CVE-2019-5809 — CVSS 8.8 (high): Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process…
CVE-2019-5806 — CVSS 8.8 (high): Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap…
CVE-2019-5808 — CVSS 8.8 (high): Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5807 — CVSS 8.8 (high): Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5820 — CVSS 8.8 (high): Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5821 — CVSS 8.8 (high): Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5822 — CVSS 8.8 (high): Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a…
CVE-2019-5817 — CVSS 8.8 (high): Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap…
CVE-2019-5824 — CVSS 8.8 (high): Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-5827 — CVSS 8.8 (high): Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap…
CVE-2019-5828 — CVSS 8.8 (high): Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of…
CVE-2019-7443 — CVSS 8.1 (high): KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp…
CVE-2019-15613 — CVSS 8.0 (high): A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.
CVE-2019-14524 — CVSS 7.8 (high): An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in…
CVE-2019-5819 — CVSS 7.8 (high): Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute…
CVE-2021-45082 — CVSS 7.8 (high): An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to…
CVE-2020-0561 — CVSS 7.8 (high): Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of…
CVE-2019-5163 — CVSS 7.5 (high): An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream…
CVE-2020-10592 — CVSS 7.5 (high): Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU…
CVE-2019-5805 — CVSS 6.5 (medium): Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13713 — CVSS 6.5 (medium): Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data…
CVE-2019-5793 — CVSS 6.5 (medium): Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions…
CVE-2019-5798 — CVSS 6.5 (medium): Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory…
CVE-2019-5799 — CVSS 6.5 (medium): Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote…
CVE-2019-5800 — CVSS 6.5 (medium): Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy…
CVE-2019-5801 — CVSS 6.5 (medium): Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via…
CVE-2019-5803 — CVSS 6.5 (medium): Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass…
CVE-2019-5810 — CVSS 6.5 (medium): Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information…
CVE-2019-5814 — CVSS 6.5 (medium): Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a…
CVE-2019-5818 — CVSS 6.5 (medium): Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information…
CVE-2019-5830 — CVSS 6.5 (medium): Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a…
CVE-2019-5832 — CVSS 6.5 (medium): Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin…
CVE-2019-5834 — CVSS 6.5 (medium): Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a…
CVE-2019-5835 — CVSS 6.5 (medium): Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds…
CVE-2019-5837 — CVSS 6.5 (medium): Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a…
CVE-2020-6445 — CVSS 6.5 (medium): Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content…
CVE-2020-6446 — CVSS 6.5 (medium): Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content…
CVE-2020-6456 — CVSS 6.5 (medium): Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site…
CVE-2020-6495 — CVSS 6.5 (medium): Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to…
CVE-2020-6610 — CVSS 6.5 (medium): GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
CVE-2019-18899 — CVSS 6.2 (medium): The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can…
CVE-2020-15803 — CVSS 6.1 (medium): Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL…
CVE-2020-5202 — CVSS 5.5 (medium): apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The…
CVE-2019-5804 — CVSS 5.5 (medium): Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via…
CVE-2019-13707 — CVSS 5.5 (medium): Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak…
CVE-2021-46141 — CVSS 5.5 (medium): An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
CVE-2021-46142 — CVSS 5.5 (medium): An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
CVE-2019-20053 — CVSS 5.5 (medium): An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
CVE-2019-5823 — CVSS 5.4 (medium): Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation…
CVE-2020-6425 — CVSS 5.4 (medium): Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a…
CVE-2019-13711 — CVSS 5.3 (medium): Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data…
CVE-2019-15624 — CVSS 4.9 (medium): Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
CVE-2020-6441 — CVSS 4.3 (medium): Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a…
CVE-2020-6442 — CVSS 4.3 (medium): Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a…
CVE-2020-6435 — CVSS 4.3 (medium): Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the…
CVE-2020-6433 — CVSS 4.3 (medium): Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation…
CVE-2020-6432 — CVSS 4.3 (medium): Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation…
CVE-2019-10163 — CVSS 4.3 (medium): A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to…
CVE-2019-13705 — CVSS 4.3 (medium): Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a…
CVE-2019-5838 — CVSS 4.3 (medium): Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to…
CVE-2019-5839 — CVSS 4.3 (medium): Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a…
CVE-2019-5840 — CVSS 4.3 (medium): Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation…
CVE-2019-5833 — CVSS 4.3 (medium): Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading…
CVE-2020-6437 — CVSS 4.3 (medium): Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted…
CVE-2020-6431 — CVSS 4.3 (medium): Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a…
CVE-2020-6440 — CVSS 4.3 (medium): Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a…