openSUSE Leap vulnerabilities
1,896 known vulnerabilities affecting opensuse/leap.
Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93
Vulnerabilities
CVE-2020-6613 [HIGH] CVSS 8.1 | CWE-125 | v15.1 | 2020-01-08
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
nvd
CVE-2019-17021 [MEDIUM] CVSS 5.3 | CWE-362 | v15.1 | 2020-01-08
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
nvd
CVE-2019-5188 [MEDIUM] CVSS 6.7 | CWE-787 | v15.1 | 2020-01-08
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
nvd
CVE-2020-6611 [MEDIUM] CVSS 6.5 | CWE-476 | v15.1 | 2020-01-08
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
nvd
CVE-2020-6610 [MEDIUM] CVSS 6.5 | CWE-770 | v15.1 | 2020-01-08
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
nvd
CVE-2020-6615 [MEDIUM] CVSS 6.5 | CWE-476 | v15.1 | 2020-01-08
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
nvd
CVE-2019-18179 [MEDIUM] CVSS 4.3 | v15.1, v15.2 | 2020-01-06
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
nvd
CVE-2020-5496 [HIGH] CVSS 8.8 | CWE-787 | v15.1 | 2020-01-03
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.
nvd
CVE-2020-5395 [HIGH] CVSS 8.8 | CWE-416 | v15.1 | 2020-01-03
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
nvd
CVE-2019-5844 [MEDIUM] CVSS 6.5 | CWE-787 | v15.1 | 2020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5846 [MEDIUM] CVSS 6.5 | CWE-787 | v15.1 | 2020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5845 [MEDIUM] CVSS 6.5 | CWE-787 | v15.1 | 2020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-14864 [MEDIUM] CVSS 6.5 | CWE-117 | v15.1 | 2020-01-02
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and 2.7.x before 2.7.15, does not respect the no_log flag set to True when the Sumologic and Splunk callback plugins are used to send task result events to collectors. This would disclose and collect any sensitive data.
nvd
CVE-2019-19927 [MEDIUM] CVSS 6.0 | CWE-125 | v15.1 | 2019-12-31
In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module.
nvd
CVE-2019-20095 [MEDIUM] CVSS 5.5 | CWE-401 | v15.1 | 2019-12-30
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
nvd
CVE-2019-20011 [HIGH] CVSS 8.8 | CWE-125 | v15.1 | 2019-12-27
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.
nvd
CVE-2019-20010 [HIGH] CVSS 8.8 | CWE-416 | v15.1 | 2019-12-27
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.
nvd
CVE-2019-20014 [HIGH] CVSS 8.8 | CWE-415 | v15.1 | 2019-12-27
An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.
nvd
CVE-2019-20015 [MEDIUM] CVSS 6.5 | CWE-770 | v15.1 | 2019-12-27
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.
nvd
CVE-2019-20013 [MEDIUM] CVSS 6.5 | CWE-770 | v15.1 | 2019-12-27
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.
nvd