openSUSE Backports SLE-15

Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.680Z

Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.612Z

Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.212Z

Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.559Z

Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.594Z

Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.392Z

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.618Z

Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.381Z

Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.515Z

Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.650Z

Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.235Z

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.945Z

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.729Z

Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Published: 2019-06-27T16:13:44.000Z
Updated: 2024-08-04T20:09:23.664Z

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Published: 2019-06-27T16:13:43.000Z
Updated: 2024-08-04T20:09:23.135Z

Double Free in VLC versions <= 3.0.6 leads to a crash.

Published: 2019-07-30T20:38:22.000Z
Updated: 2024-08-04T19:54:53.471Z

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.

Published: 2019-09-23T11:46:10.000Z
Updated: 2024-08-05T01:17:41.179Z

An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.

Published: 2019-08-02T11:18:12.000Z
Updated: 2024-08-05T00:19:41.098Z

Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:43.648Z

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.

Published: 2019-05-14T20:24:29.000Z
Updated: 2024-08-04T22:48:09.093Z

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.

Published: 2019-07-30T22:16:59.000Z
Updated: 2024-08-04T22:10:10.003Z