Opensuse: Security Vulnerabilities
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-01-08
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
CVSS Score
9.1
EPSS Score
0.009
Published
2020-01-08
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-01-08
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
CVSS Score
3.5
EPSS Score
0.004
Published
2020-01-06
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.01
Published
2020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.01
Published
2020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.01
Published
2020-01-03
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-01-03
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-01-03
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
CVSS Score
5.7
EPSS Score
0.009
Published
2020-01-02