Opensuse: Security Vulnerabilities
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-08
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.
CVSS Score
3.5
EPSS Score
0.005
Published
2020-01-06
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.01
Published
2020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.01
Published
2020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.01
Published
2020-01-03
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-01-03
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-01-03
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
CVSS Score
5.7
EPSS Score
0.009
Published
2020-01-02
In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module.
CVSS Score
6.0
EPSS Score
0.002
Published
2019-12-31
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-12-30