openSUSE Leap vulnerabilities
1,896 known vulnerabilities affecting opensuse/leap.
Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93
Vulnerabilities
Page 45 of 95
CVE-2019-9278 [HIGH] CVSS 8.8 | CWE-190 | v15.1 | 2019-09-27
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112537774
nvd
CVE-2019-9433 [MEDIUM] CVSS 6.5 | CWE-20 | v15.1 | 2019-09-27
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-80479354
nvd
CVE-2019-11738 [MEDIUM] CVSS 6.3 | v15.0, v15.1 | 2019-09-27
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
nvd
CVE-2019-9371 [MEDIUM] CVSS 6.5 | CWE-20 | v15.1 | 2019-09-27
In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-132783254
nvd
CVE-2019-9325 [MEDIUM] CVSS 6.5 | CWE-125 | v15.1 | 2019-09-27
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112001302
nvd
CVE-2019-10092 [MEDIUM] CVSS 6.1 | CWE-79 | PoC | v15.0, v15.1 | 2019-09-26
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that
nvd
CVE-2019-16884 [HIGH] CVSS 7.5 | CWE-863 | v15.0, v15.1 | 2019-09-25
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
nvd
CVE-2019-13627 [MEDIUM] CVSS 6.3 | CWE-203 | v15.0, v15.1 | 2019-09-25
It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Versions affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
nvd
CVE-2019-16746 [CRITICAL] CVSS 9.8 | CWE-120 | v15.1 | 2019-09-24
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
nvd
CVE-2019-12068 [LOW] CVSS 3.8 | CWE-835 | v15.0, v15.1 | 2019-09-24
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit af
nvd
CVE-2019-16708 [MEDIUM] CVSS 6.5 | CWE-401 | v15.0, v15.1 | 2019-09-23
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
nvd
CVE-2019-16711 [MEDIUM] CVSS 6.5 | CWE-401 | v15.0, v15.1 | 2019-09-23
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
nvd
CVE-2019-16710 [MEDIUM] CVSS 6.5 | CWE-401 | v15.0, v15.1 | 2019-09-23
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
nvd
CVE-2019-16712 [MEDIUM] CVSS 6.5 | CWE-401 | v15.0, v15.1 | 2019-09-23
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
nvd
CVE-2019-16709 [MEDIUM] CVSS 6.5 | CWE-401 | v15.0, v15.1 | 2019-09-23
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
nvd
CVE-2019-16713 [MEDIUM] CVSS 6.5 | CWE-401 | v15.0, v15.1 | 2019-09-23
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
nvd
CVE-2019-14814 [HIGH] CVSS 7.8 | CWE-122 | v15.0, v15.1 | 2019-09-20
There is a heap-based buffer overflow in the Linux kernel, all versions up to, excluding 5.3, in the Marvell wifi chip driver, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.
nvd
CVE-2019-14816 [HIGH] CVSS 7.8 | CWE-122 | v15.0, v15.1 | 2019-09-20
There is a heap-based buffer overflow in the Linux kernel, all versions up to, excluding 5.3, in the Marvell wifi chip driver, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.
nvd
CVE-2019-14821 [HIGH] CVSS 8.8 | CWE-787 | v15.0, v15.1 | 2019-09-19
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process.
nvd
CVE-2019-11779 [MEDIUM] CVSS 6.5 | CWE-754 | v15.1 | 2019-09-19
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.
nvd