Opensuse Backports vulnerabilities

CVE-2019-5787 [HIGH] CWE-416 CVE-2019-5787: Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attack Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-5790 [HIGH] CWE-190 CVE-2019-5790: An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prio An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2019-5789 [HIGH] CWE-190 CVE-2019-5789: An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 7 An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

CVE-2019-5795 [HIGH] CWE-190 CVE-2019-5795: Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to poten Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

CVE-2019-5788 [HIGH] CWE-190 CVE-2019-5788: An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

CVE-2019-5792 [HIGH] CWE-190 CVE-2019-5792: Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to poten Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

CVE-2019-5799 [MEDIUM] CWE-20 CVE-2019-5799: Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior t Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

CVE-2019-5798 [MEDIUM] CWE-125 CVE-2019-5798: Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote atta Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2019-5803 [MEDIUM] CWE-20 CVE-2019-5803: Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 al Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

CVE-2019-5801 [MEDIUM] CWE-20 CVE-2019-5801: Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVE-2019-5800 [MEDIUM] CWE-20 CVE-2019-5800: Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote att Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

CVE-2019-5804 [MEDIUM] CWE-88 CVE-2019-5804: Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local a Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.

CVE-2019-5793 [MEDIUM] CWE-20 CVE-2019-5793: Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remot Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.

CVE-2019-11328 [HIGH] CWE-732 CVE-2019-11328: An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network acces An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing//`. The manipulation of those files can change the behavior of the starter-suid program wh

CVE-2018-20177 [CRITICAL] CWE-190 CVE-2018-20177: rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.

CVE-2018-19873 [CRITICAL] CWE-119 CVE-2018-19873: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.