openSUSE Leap vulnerabilities
1,896 known vulnerabilities affecting opensuse/leap.

Total CVEs: 1,896
CISA KEV (actively exploited): 18
Public exploits: 57
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93
Vulnerabilities
Page 37 of 95
CVE-2019-18390 | HIGH | CVSS 7.1 | CWE-125 | affects v15.1 | 2019-12-23 | source: nvd
An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.
CVE-2019-18391 | MEDIUM | CVSS 5.5 | CWE-787 | affects v15.1 | 2019-12-23 | source: nvd
A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.
CVE-2019-18388 | MEDIUM | CVSS 5.5 | CWE-476 | affects v15.1 | 2019-12-23 | source: nvd
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.
CVE-2019-11046 | MEDIUM | CVSS 5.3 | CWE-125 | affects v15.1 | 2019-12-23 | source: nvd
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying them with a string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can lead to disclosure of the content of s
CVE-2019-11050 | MEDIUM | CVSS 6.5 | CWE-125 | affects v15.1 | 2019-12-23 | source: nvd
When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash.
CVE-2019-11045 | MEDIUM | CVSS 5.9 | CWE-170 | affects v15.1 | 2019-12-23 | source: nvd
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, the PHP DirectoryIterator class accepts filenames with an embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking which paths the code is allowed to access.
CVE-2019-17571 | CRITICAL | CVSS 9.8 | CWE-502 | affects v15.1 | 2019-12-20 | source: nvd
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data, which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget while listening to untrusted network traffic for log data. This affects Log4j versions 1.2 up to 1.2.17.
CVE-2019-19918 | HIGH | CVSS 7.8 | CWE-787 | affects v15.1, v15.2 | 2019-12-20 | source: nvd
Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.
CVE-2019-19917 | HIGH | CVSS 7.8 | CWE-120 | affects v15.1, v15.2 | 2019-12-20 | source: nvd
Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.
CVE-2019-19880 | HIGH | CVSS 7.5 | CWE-476 | affects v15.1 | 2019-12-18 | source: nvd
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
CVE-2019-16782 | MEDIUM | CVSS 5.9 | CWE-208 | affects v15.1 | 2019-12-18 | source: nvd
There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding
CVE-2019-16779 | MEDIUM | CVSS 5.9 | CWE-664 | affects v15.1 | 2019-12-16 | source: nvd
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult
CVE-2019-16776 | HIGH | CVSS 8.1 | CWE-22 | affects v15.1 | 2019-12-13 | source: nvd
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the
CVE-2019-16775 | MEDIUM | CVSS 6.5 | CWE-61 | affects v15.1 | 2019-12-13 | source: nvd
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files
CVE-2019-16777 | MEDIUM | CVSS 6.5 | CWE-22 | affects v15.1 | 2019-12-13 | source: nvd
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwri
CVE-2019-17358 | HIGH | CVSS 8.1 | CWE-502 | affects v42.3 | 2019-12-12 | source: nvd
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.
CVE-2019-19583 | HIGH | CVSS 7.5 | affects v15.1 | 2019-12-11 | source: nvd
An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination o
CVE-2019-19604 | HIGH | CVSS 7.8 | CWE-78 | affects v15.1 | 2019-12-11 | source: nvd
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
CVE-2019-14889 | HIGH | CVSS 8.8 | CWE-78 | affects v15.1 | 2019-12-10 | source: nvd
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become
CVE-2019-14861 | MEDIUM | CVSS 5.3 | CWE-276 | affects v15.1 | 2019-12-10 | source: nvd
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new rec