Opensuse Leap vulnerabilities

CVE-2020-2654 [LOW] CVE-2020-2654: Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions th Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized a

CVE-2020-2583 [LOW] CWE-755 CVE-2020-2583: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedd

CVE-2020-2590 [LOW] CVE-2020-2590: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supp Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks

CVE-2019-19728 [HIGH] CWE-269 CVE-2019-19728: SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.

CVE-2019-19727 [MEDIUM] CWE-732 CVE-2019-19727: SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.

CVE-2020-6377 [HIGH] CWE-416 CVE-2020-6377: Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potenti Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-1765 [MEDIUM] CWE-472 CVE-2020-1765: An improper control of parameters allows the spoofing of the from fields of the following screens: A An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior v

CVE-2019-20372 [MEDIUM] CWE-444 CVE-2019-20372: NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demon NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

CVE-2019-20367 [CRITICAL] CWE-125 CVE-2019-20367: nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).

CVE-2019-11745 [HIGH] CWE-787 CVE-2019-11745: When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

CVE-2019-17011 [HIGH] CWE-362 CVE-2019-17011: Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a rac Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

CVE-2020-6614 [HIGH] CWE-125 CVE-2020-6614: GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.

CVE-2019-17010 [HIGH] CWE-362 CVE-2019-17010: Under certain conditions, when checking the Resist Fingerprinting preference during device orientati Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

CVE-2019-17009 [HIGH] CVE-2019-17009: When running, the updater service wrote status and log files to an unrestricted location; potentiall When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Th

CVE-2019-17012 [HIGH] CWE-787 CVE-2019-17012: Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of t Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

CVE-2019-17024 [HIGH] CWE-787 CVE-2019-17024: Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of t Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

CVE-2019-17008 [HIGH] CWE-416 CVE-2019-17008: When using nested workers, a use-after-free could occur during worker destruction. This resulted in When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

CVE-2020-6612 [HIGH] CWE-125 CVE-2020-6612: GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.

CVE-2019-17005 [HIGH] CWE-787 CVE-2019-17005: The plain text serializer used a fixed-size array for the number of <ol> elements it could process; The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

CVE-2020-6609 [HIGH] CWE-125 CVE-2020-6609: GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.