|
2020-11-03
|
CVE-2020-16005
|
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
Debian_linux, Fedora, Chrome, Backports_sle, Leap
|
8.8
|
|
|
|
2020-11-03
|
CVE-2020-16006
|
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
Debian_linux, Fedora, Chrome, Backports_sle, Leap
|
8.8
|
|
|
|
2020-11-03
|
CVE-2020-16007
|
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
|
Debian_linux, Chrome, Backports_sle, Leap
|
7.8
|
|
|
|
2020-11-03
|
CVE-2020-16008
|
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
|
Debian_linux, Fedora, Chrome, Backports_sle, Leap
|
8.8
|
|
|
|
2020-11-03
|
CVE-2020-16011
|
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
|
Debian_linux, Chrome, Backports_sle, Leap
|
9.6
|
|
|
|
2020-11-03
|
CVE-2020-6557
|
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
|
Debian_linux, Fedora, Chrome, Backports_sle
|
6.5
|
|
|
|
2019-04-20
|
CVE-2019-11358
|
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
|
Backdrop, Debian_linux, Drupal, Fedora, Joomla\!, Jquery, Junos, Oncommand_system_manager, Snapcenter, Backports_sle, Leap, Agile_product_lifecycle_management_for_process, Application_express, Application_service_level_management, Application_testing_suite, Banking_digital_experience, Banking_enterprise_collections, Banking_platform, Bi_publisher, Big_data_discovery, Business_process_management_suite, Communications_analytics, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_element_manager, Communications_interactive_session_recorder, Communications_operations_monitor, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Communications_webrtc_session_controller, Diagnostic_assistant, Enterprise_manager_ops_center, Enterprise_session_border_controller, Financial_services_analytical_applications_infrastructure, Financial_services_analytical_applications_reconciliation_framework, Financial_services_asset_liability_management, Financial_services_balance_sheet_planning, Financial_services_basel_regulatory_capital_basic, Financial_services_basel_regulatory_capital_internal_ratings_based_approach, Financial_services_data_foundation, Financial_services_data_governance_for_us_regulatory_reporting, Financial_services_data_integration_hub, Financial_services_enterprise_financial_performance_analytics, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_institutional_performance_analytics, Financial_services_liquidity_risk_management, Financial_services_liquidity_risk_measurement_and_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_profitability_management, Financial_services_regulatory_reporting_for_de_nederlandsche_bank, Financial_services_regulatory_reporting_for_european_banking_authority, Financial_services_regulatory_reporting_for_us_federal_reserve, Financial_services_retail_customer_analytics, Financial_services_retail_performance_analytics, Financial_services_revenue_management_and_billing, Fusion_middleware_mapviewer, Healthcare_foundation, Healthcare_translational_research, Hospitality_guest_access, Hospitality_materials_control, Hospitality_simphony, Identity_manager, Insurance_accounting_analyzer, Insurance_allocation_manager_for_enterprise_profitability, Insurance_data_foundation, Insurance_ifrs_17_analyzer, Insurance_insbridge_rating_and_underwriting, Insurance_performance_insight, Jd_edwards_enterpriseone_tools, Jdeveloper, Jdeveloper_and_adf, Knowledge, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Primavera_gateway, Primavera_unifier, Real\-Time_scheduler, Rest_data_services, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_customer_management_and_segmentation_foundation, Retail_point\-Of\-Service, Retail_returns_management, Service_bus, Siebel_mobile_applications, Siebel_ui_framework, Storagetek_tape_analytics_sw_tool, System_utilities, Tape_library_acsls, Transportation_management, Utilities_mobile_workforce_management, Webcenter_sites, Weblogic_server, Cloudforms, Virtualization_manager
|
6.1
|
|
|
|
2019-02-11
|
CVE-2019-5736
|
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling,...
|
Mesos, Ubuntu_linux, Dc\/os, Kubernetes_engine, Docker, Fedora, Kubernetes_engine, Onesphere, Lxc, Runc, Service_management_automation, Hci_management_node, Solidfire, Backports_sle, Leap, Container_development_kit, Enterprise_linux, Enterprise_linux_server, Openshift
|
8.6
|
|
|
|
2019-11-22
|
CVE-2019-10206
|
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
|
Debian_linux, Backports_sle, Leap, Ansible
|
6.5
|
|
|
|
2018-12-14
|
CVE-2018-16873
|
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it's possible to arrange things so that a Git repository is cloned to a...
|
Debian_linux, Go, Backports_sle, Leap, Linux_enterprise_server
|
8.1
|
|
|