Opensuse Leap vulnerabilities

CVE-2019-20009 [MEDIUM] CWE-770 CVE-2019-20009: An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessi An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.

CVE-2019-20053 [MEDIUM] CWE-119 CVE-2019-20053: An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

CVE-2019-20012 [MEDIUM] CWE-770 CVE-2019-20012: An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memo An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.

CVE-2019-15695 [HIGH] CWE-121 CVE-2019-15695: TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered fr TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially r

CVE-2019-15692 [HIGH] CWE-122 CVE-2019-15692: TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be trigg TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

CVE-2019-15694 [HIGH] CWE-122 CVE-2019-15694: TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered fro TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivit

CVE-2019-15691 [HIGH] CWE-825 CVE-2019-15691: TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorr TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentiall

CVE-2019-19966 [MEDIUM] CWE-416 CVE-2019-19966: In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpi In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.

CVE-2019-19965 [MEDIUM] CWE-476 CVE-2019-19965: In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_di In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.

CVE-2019-19949 [CRITICAL] CWE-125 CVE-2019-19949: In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.

CVE-2019-19953 [CRITICAL] CWE-125 CVE-2019-19953: In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function E In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.

CVE-2019-19950 [CRITICAL] CWE-416 CVE-2019-19950: In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLog In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.

CVE-2019-19951 [CRITICAL] CWE-787 CVE-2019-19951: In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function Im In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.

CVE-2019-19948 [CRITICAL] CWE-787 CVE-2019-19948: In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.

CVE-2019-19925 [HIGH] CWE-434 CVE-2019-19925: zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

CVE-2019-19923 [HIGH] CWE-476 CVE-2019-19923: flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).

CVE-2019-19926 [HIGH] CVE-2019-19926: multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated b multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

CVE-2019-12418 [HIGH] CVE-2019-12418: When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacke

CVE-2019-17563 [HIGH] CWE-384 CVE-2019-17563: When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7 When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.

CVE-2019-18389 [HIGH] CWE-787 CVE-2019-18389: A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c i A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.