Opensuse Leap vulnerabilities

CVE-2019-15939 [MEDIUM] CWE-369 CVE-2019-15939: An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDe An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.

CVE-2017-18595 [HIGH] CWE-415 CVE-2017-18595: An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the funct An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.

CVE-2019-15917 [HIGH] CWE-416 CVE-2019-15917: An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_u An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.

CVE-2019-15920 [MEDIUM] CWE-416 CVE-2019-15920: An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use- An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak.

CVE-2019-15921 [MEDIUM] CWE-401 CVE-2019-15921: An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_allo An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.

CVE-2019-15902 [MEDIUM] CWE-200 CVE-2019-15902: A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate.

CVE-2019-15919 [LOW] CWE-416 CVE-2019-15919: An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.

CVE-2019-14817 [HIGH] CWE-648 CVE-2019-14817: A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures w A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

CVE-2019-14811 [HIGH] CWE-648 CVE-2019-14811: A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure wher A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

CVE-2019-15847 [HIGH] CWE-331 CVE-2019-15847: The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin

CVE-2019-15666 [MEDIUM] CWE-125 CVE-2019-15666: An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.

CVE-2019-15538 [HIGH] CWE-400 CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2. An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well

CVE-2019-10086 [HIGH] CWE-502 CVE-2019-10086: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressi In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

CVE-2019-2126 [HIGH] CWE-415 CVE-2019-2126: In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-

CVE-2019-15221 [MEDIUM] CWE-476 CVE-2019-15221: An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference cause An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.

CVE-2019-15216 [MEDIUM] CWE-476 CVE-2019-15216: An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference cause An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.

CVE-2019-15219 [MEDIUM] CWE-476 CVE-2019-15219: An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.

CVE-2019-15215 [MEDIUM] CWE-416 CVE-2019-15215: An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a mali An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.

CVE-2019-15220 [MEDIUM] CWE-416 CVE-2019-15220: An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a mali An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver.

CVE-2019-15211 [MEDIUM] CWE-416 CVE-2019-15211: An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a mali An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.