openSUSE Backports SLE-15 Service Pack 1

GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.

Published: 2020-01-08T20:43:51.000Z
Updated: 2024-08-04T09:11:04.662Z

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Published: 2020-06-03T22:50:37.000Z
Updated: 2024-08-04T09:02:40.718Z

Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Published: 2020-06-03T22:50:36.000Z
Updated: 2024-08-04T09:02:40.696Z

Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.

Published: 2020-04-13T17:31:03.000Z
Updated: 2024-08-04T09:02:40.786Z

Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2020-04-13T17:31:03.000Z
Updated: 2024-08-04T09:02:40.703Z

Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2020-04-13T17:31:02.000Z
Updated: 2024-08-04T09:02:40.718Z

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Published: 2020-04-13T17:30:59.000Z
Updated: 2024-08-04T09:02:40.545Z

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Published: 2020-04-13T17:30:59.000Z
Updated: 2024-08-04T09:02:40.621Z

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.

Published: 2020-04-13T17:30:58.000Z
Updated: 2024-08-04T09:02:40.476Z

Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Published: 2020-04-13T17:30:57.000Z
Updated: 2024-08-04T09:02:40.455Z

Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.

Published: 2020-04-13T17:30:57.000Z
Updated: 2024-08-04T09:02:40.680Z

Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.

Published: 2020-04-13T17:30:56.000Z
Updated: 2024-08-04T09:02:40.463Z

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.

Published: 2020-04-13T17:30:56.000Z
Updated: 2024-08-04T09:02:40.420Z

Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.

Published: 2020-04-13T17:30:55.000Z
Updated: 2024-08-04T09:02:40.479Z

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

Published: 2020-04-13T17:30:54.000Z
Updated: 2024-08-04T09:02:40.387Z

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Published: 2020-04-13T17:30:53.000Z
Updated: 2024-08-04T09:02:40.624Z

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Published: 2020-04-13T17:30:52.000Z
Updated: 2024-08-04T09:02:40.538Z

Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.

Published: 2020-04-13T17:30:52.000Z
Updated: 2024-08-04T09:02:40.716Z

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.

Published: 2020-03-23T12:35:36.000Z
Updated: 2024-08-04T09:02:40.618Z

apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.

Published: 2020-01-21T17:54:04.000Z
Updated: 2024-08-04T08:22:08.913Z

Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

Published: 2020-07-17T00:00:00.000Z
Updated: 2024-08-04T13:30:22.339Z

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.

Published: 2020-06-22T19:13:34.000Z
Updated: 2024-08-04T13:00:52.077Z

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.

Published: 2020-03-24T15:28:05.000Z
Updated: 2024-08-04T11:21:12.992Z

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.

Published: 2020-03-23T12:16:48.000Z
Updated: 2024-08-04T11:06:10.160Z

Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Published: 2020-02-13T18:21:11.000Z
Updated: 2024-08-04T06:02:52.206Z

Double Free in VLC versions <= 3.0.6 leads to a crash.

Published: 2019-07-30T20:38:22.000Z
Updated: 2024-08-04T19:54:53.471Z

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.

Published: 2019-12-03T21:55:47.000Z
Updated: 2024-08-04T19:47:56.616Z

An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

Published: 2019-12-27T21:59:11.000Z
Updated: 2024-08-05T02:32:10.521Z

In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.

Published: 2019-12-24T00:06:51.000Z
Updated: 2024-08-05T02:32:10.039Z

In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.

Published: 2019-12-24T00:07:02.000Z
Updated: 2024-08-05T02:32:09.987Z

In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.

Published: 2019-12-24T00:07:10.000Z
Updated: 2024-08-05T02:32:10.403Z

The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.

Published: 2020-01-23T15:00:20.234Z
Updated: 2024-09-17T01:25:34.093Z

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.

Published: 2019-09-23T11:46:10.000Z
Updated: 2024-08-05T01:17:41.179Z

Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.

Published: 2020-02-04T19:08:57.000Z
Updated: 2024-08-05T00:56:20.901Z

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.

Published: 2020-02-04T19:08:57.000Z
Updated: 2024-08-05T00:56:20.890Z

An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.

Published: 2019-08-02T11:18:12.000Z
Updated: 2024-08-05T00:19:41.098Z

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: 2019-12-10T21:01:44.000Z
Updated: 2024-08-05T00:05:43.749Z

Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:43.710Z

Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:43.919Z

Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.

Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:42.213Z

Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.

Published: 2019-11-25T14:22:55.000Z
Updated: 2024-08-05T00:05:42.212Z

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.

Published: 2019-05-14T20:24:29.000Z
Updated: 2024-08-04T22:48:09.093Z

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.

Published: 2019-07-30T22:16:59.000Z
Updated: 2024-08-04T22:10:10.003Z

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.

Published: 2019-03-15T18:00:00.000Z
Updated: 2024-08-05T11:58:18.260Z

An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.

Published: 2018-12-26T20:00:00.000Z
Updated: 2024-08-05T11:44:20.667Z