rpm package

opensuse/opera&distro=openSUSE Leap 15.1 NonFree

pkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.1%20NonFree

Vulnerabilities (103)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-15964	—	< 71.0.3770.228-lp152.2.18.1	71.0.3770.228-lp152.2.18.1	Sep 21, 2020	Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15963	—	< 71.0.3770.228-lp152.2.18.1	71.0.3770.228-lp152.2.18.1	Sep 21, 2020	Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2020-15962	—	< 71.0.3770.228-lp152.2.18.1	71.0.3770.228-lp152.2.18.1	Sep 21, 2020	Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2020-15961	—	< 71.0.3770.228-lp152.2.18.1	71.0.3770.228-lp152.2.18.1	Sep 21, 2020	Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2020-15960	—	< 71.0.3770.228-lp152.2.18.1	71.0.3770.228-lp152.2.18.1	Sep 21, 2020	Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2020-15959	—	< 71.0.3770.228-lp152.2.18.1	71.0.3770.228-lp152.2.18.1	Sep 21, 2020	Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.
CVE-2020-6536	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.
CVE-2020-6535	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.
CVE-2020-6534	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6533	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6531	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6530	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2020-6529	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.
CVE-2020-6528	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2020-6527	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6526	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6525	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6524	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6523	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6522	—	< 70.0.3728.71-lp151.2.24.1	70.0.3728.71-lp151.2.24.1	Jul 22, 2020	Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2020-15964Sep 21, 2020
affected < 71.0.3770.228-lp152.2.18.1fixed 71.0.3770.228-lp152.2.18.1
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15963Sep 21, 2020
affected < 71.0.3770.228-lp152.2.18.1fixed 71.0.3770.228-lp152.2.18.1
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2020-15962Sep 21, 2020
affected < 71.0.3770.228-lp152.2.18.1fixed 71.0.3770.228-lp152.2.18.1
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2020-15961Sep 21, 2020
affected < 71.0.3770.228-lp152.2.18.1fixed 71.0.3770.228-lp152.2.18.1
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVE-2020-15960Sep 21, 2020
affected < 71.0.3770.228-lp152.2.18.1fixed 71.0.3770.228-lp152.2.18.1
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2020-15959Sep 21, 2020
affected < 71.0.3770.228-lp152.2.18.1fixed 71.0.3770.228-lp152.2.18.1
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.
CVE-2020-6536Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA.
CVE-2020-6535Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.
CVE-2020-6534Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6533Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6531Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6530Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2020-6529Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.
CVE-2020-6528Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2020-6527Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2020-6526Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-6525Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6524Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6523Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6522Jul 22, 2020
affected < 70.0.3728.71-lp151.2.24.1fixed 70.0.3728.71-lp151.2.24.1
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Page 4 of 6