openSUSE Backports SLE vulnerabilities

325 known vulnerabilities affecting opensuse/backports_sle.

Total CVEs: 325
CISA KEV: 3 (actively exploited)
Public exploits: 8
Exploited in wild: 5
Severity breakdown: CRITICAL 27, HIGH 168, MEDIUM 129, LOW 1

Vulnerabilities

Page 17 of 17
CVE-2019-7635 | HIGH | CVSS 8.1 | v15.0 | 2019-02-08
CVE-2019-7635 [HIGH] CWE-125: SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
nvd
CVE-2019-7548 | HIGH | CVSS 7.8 | v15.0 | 2019-02-06
CVE-2019-7548 [HIGH] CWE-89: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
nvd
CVE-2018-16874 | HIGH | CVSS 8.1 | v15.0 | 2018-12-14
CVE-2018-16874 [HIGH] CWE-20: In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cm
nvd
CVE-2018-16873 | HIGH | CVSS 8.1 | v15.0 | 2018-12-14
CVE-2018-16873 [HIGH] CWE-20: In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://
nvd
CVE-2018-19052 | HIGH | CVSS 7.5 | v15.0 | 2018-11-07
CVE-2018-19052 [HIGH] CWE-22: An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
nvd