threat
engine
.sh
Back
·
··:··
Home
/
Product
/
opensuse backports
Product
opensuse backports
99 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2021-45082
all versions
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah
7.8
HIGH
CVE-2021-46142
all versions
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
5.5
MEDIUM
CVE-2021-46141
all versions
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
5.5
MEDIUM
CVE-2020-15803
all versions
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in
6.1
MEDIUM
CVE-2020-14983
all versions
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buff
9.8
CRITICAL
CVE-2020-6495
all versions
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user
6.5
MEDIUM
CVE-2020-6493
all versions
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the rende
9.6
CRITICAL
CVE-2020-6456
all versions
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass
6.5
MEDIUM
CVE-2020-6455
all versions
Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corrupti
8.8
HIGH
CVE-2020-6452
all versions
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corrup
8.8
HIGH
CVE-2020-6446
all versions
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass conten
6.5
MEDIUM
CVE-2020-6445
all versions
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass conten
6.5
MEDIUM
CVE-2020-6443
all versions
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced
8.8
HIGH
CVE-2020-6442
all versions
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data v
4.3
MEDIUM
CVE-2020-6441
all versions
Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI
4.3
MEDIUM
CVE-2020-6440
all versions
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to inst
4.3
MEDIUM
CVE-2020-6439
all versions
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security
8.8
HIGH
CVE-2020-6437
all versions
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via
4.3
MEDIUM
CVE-2020-6435
all versions
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised
4.3
MEDIUM
CVE-2020-6433
all versions
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigatio
4.3
MEDIUM
CVE-2020-6432
all versions
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigati
4.3
MEDIUM
CVE-2020-6431
all versions
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security
4.3
MEDIUM
CVE-2020-10938
all versions
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/comp
9.8
CRITICAL
CVE-2020-6425
all versions
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to
5.4
MEDIUM
CVE-2020-10592
all versions
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU co
7.5
HIGH
CVE-2020-0561
all versions
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation
7.8
HIGH
CVE-2019-15624
all versions
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
4.9
MEDIUM
CVE-2019-15613
all versions
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mime
8.0
HIGH
CVE-2019-18899
all versions
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. T
6.2
MEDIUM
CVE-2020-5202
all versions
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt
5.5
MEDIUM
CVE-2020-6610
all versions
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
6.5
MEDIUM
CVE-2019-20053
all versions
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file
5.5
MEDIUM
CVE-2019-19953
all versions
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
9.1
CRITICAL
CVE-2019-19951
all versions
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c
9.8
CRITICAL
CVE-2019-19950
all versions
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c
9.8
CRITICAL
CVE-2019-13730
all versions
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corrupti
8.8
HIGH
CVE-2019-5163
all versions
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a S
7.5
HIGH
CVE-2019-13723
all versions
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer
8.8
HIGH
CVE-2019-13713
all versions
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origi
6.5
MEDIUM
CVE-2019-13711
all versions
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origi
5.3
MEDIUM
CVE-2019-13707
all versions
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker t
5.5
MEDIUM
CVE-2019-13705
all versions
Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to i
4.3
MEDIUM
CVE-2019-16709
all versions
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
6.5
MEDIUM
CVE-2019-14524
all versions
An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patte
7.8
HIGH
CVE-2019-10163
all versions
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master
4.3
MEDIUM
CVE-2019-5460
all versions
Double Free in VLC versions <= 3.0.6 leads to a crash.
5.5
MEDIUM
CVE-2019-5459
all versions
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
7.1
HIGH
CVE-2019-5840
all versions
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigatio
4.3
MEDIUM
CVE-2019-5839
all versions
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to i
4.3
MEDIUM
CVE-2019-5838
all versions
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user
4.3
MEDIUM
CVE-2019-5837
all versions
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin d
6.5
MEDIUM
CVE-2019-5836
all versions
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corrupt
8.8
HIGH
CVE-2019-5835
all versions
Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out
6.5
MEDIUM
CVE-2019-5834
all versions
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing
6.5
MEDIUM
CVE-2019-5833
all versions
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display mis
4.3
MEDIUM
CVE-2019-5832
all versions
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-o
6.5
MEDIUM
CVE-2019-5831
all versions
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corrupti
8.8
HIGH
CVE-2019-5830
all versions
Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data
6.5
MEDIUM
CVE-2019-5829
all versions
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out o
8.8
HIGH
CVE-2019-5828
all versions
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform ou
8.8
HIGH
CVE-2019-5827
all versions
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit hea
8.8
HIGH
CVE-2019-5824
all versions
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap cor
8.8
HIGH
CVE-2019-5823
all versions
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass nav
5.4
MEDIUM
CVE-2019-5822
all versions
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin poli
8.8
HIGH
CVE-2019-5821
all versions
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruptio
8.8
HIGH
CVE-2019-5820
all versions
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruptio
8.8
HIGH
CVE-2019-5819
all versions
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execut
7.8
HIGH
CVE-2019-5818
all versions
Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive info
6.5
MEDIUM
CVE-2019-5817
all versions
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit
8.8
HIGH
CVE-2019-5816
all versions
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persi
8.8
HIGH
CVE-2019-5814
all versions
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin da
6.5
MEDIUM
CVE-2019-5813
all versions
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via
8.8
HIGH
CVE-2019-5811
all versions
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origi
8.8
HIGH
CVE-2019-5810
all versions
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive inf
6.5
MEDIUM
CVE-2019-5809
all versions
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer
8.8
HIGH
CVE-2019-5808
all versions
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption v
8.8
HIGH
CVE-2019-5807
all versions
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corrupti
8.8
HIGH
CVE-2019-5806
all versions
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap
8.8
HIGH
CVE-2019-5805
all versions
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption
6.5
MEDIUM
CVE-2019-5804
all versions
Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoo
5.5
MEDIUM
CVE-2019-5803
all versions
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to byp
6.5
MEDIUM
CVE-2019-5801
all versions
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spo
6.5
MEDIUM
CVE-2019-5800
all versions
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content securi
6.5
MEDIUM
CVE-2019-5799
all versions
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remot
6.5
MEDIUM
CVE-2019-5798
all versions
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of boun
6.5
MEDIUM
CVE-2019-5795
all versions
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds m
8.8
HIGH
CVE-2019-5793
all versions
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the ext
6.5
MEDIUM
CVE-2019-5792
all versions
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds m
8.8
HIGH
CVE-2019-5791
all versions
Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memo
8.8
HIGH
CVE-2019-5790
all versions
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a re
8.8
HIGH
CVE-2019-5789
all versions
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote a
8.8
HIGH
CVE-2019-5788
all versions
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remo
8.8
HIGH
CVE-2019-5787
all versions
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap
8.8
HIGH
CVE-2019-11328
all versions
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh
8.8
HIGH
CVE-2019-7443
all versions
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperPro
8.1
HIGH
CVE-2019-6690
all versions
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the att
7.5
HIGH
CVE-2018-20177
all versions
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the functio
9.8
CRITICAL
CVE-2019-9211
all versions
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in
6.5
MEDIUM
CVE-2018-19873
all versions
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
9.8
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin