Opensuse Backports Sle vulnerabilities

CVE-2019-13767 [HIGH] CWE-416 CVE-2019-13767: Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-6377 [HIGH] CWE-416 CVE-2020-6377: Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potenti Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-1765 [MEDIUM] CWE-472 CVE-2020-1765: An improper control of parameters allows the spoofing of the from fields of the following screens: A An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior v

CVE-2020-6614 [HIGH] CWE-125 CVE-2020-6614: GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.

CVE-2020-6612 [HIGH] CWE-125 CVE-2020-6612: GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.

CVE-2020-6609 [HIGH] CWE-125 CVE-2020-6609: GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.

CVE-2020-6613 [HIGH] CWE-125 CVE-2020-6613: GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.

CVE-2020-6611 [MEDIUM] CWE-476 CVE-2020-6611: GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.

CVE-2020-6615 [MEDIUM] CWE-476 CVE-2020-6615: GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (d GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).

CVE-2019-18179 [MEDIUM] CVE-2019-18179: An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edi An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.

CVE-2019-5844 [MEDIUM] CWE-787 CVE-2019-5844: Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-5846 [MEDIUM] CWE-787 CVE-2019-5846: Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-5845 [MEDIUM] CWE-787 CVE-2019-5845: Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-14864 [MEDIUM] CWE-117 CVE-2019-14864: Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, i Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

CVE-2019-20011 [HIGH] CWE-125 CVE-2019-20011: An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.

CVE-2019-20010 [HIGH] CWE-416 CVE-2019-20010: An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.

CVE-2019-20014 [HIGH] CWE-415 CVE-2019-20014: An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c. An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.

CVE-2019-20015 [MEDIUM] CWE-770 CVE-2019-20015: An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memo An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.

CVE-2019-20013 [MEDIUM] CWE-770 CVE-2019-20013: An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessi An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.

CVE-2019-20009 [MEDIUM] CWE-770 CVE-2019-20009: An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessi An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.