openSUSE Leap vulnerabilities

1,896 known vulnerabilities affecting opensuse/leap.

Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93

Vulnerabilities

CVE-2018-20855 | LOW | CVSS 3.3 | v15.0, v15.1 | 2019-07-26
CVE-2018-20855 [LOW] CWE-119: An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
nvd
CVE-2019-1010180 | HIGH | CVSS 7.8 | v15.0, v15.1 | 2019-07-24
CVE-2019-1010180 [HIGH] CWE-125: GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Denial of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.
nvd
CVE-2019-14250 | MEDIUM | CVSS 5.5 | v15.0, v15.1, +1 more | 2019-07-24
CVE-2019-14250 [MEDIUM] CWE-190: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
nvd
CVE-2019-11710 | CRITICAL | CVSS 9.8 | v15.0, v15.1 | 2019-07-23
CVE-2019-11710 [CRITICAL] CWE-787: Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68.
nvd
CVE-2019-11709 | CRITICAL | CVSS 9.8 | v15.0, v15.1 | 2019-07-23
CVE-2019-11709 [CRITICAL] CWE-787: Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 6
nvd
CVE-2019-2859 | HIGH | CVSS 8.8 | v15.0, v15.1 | 2019-07-23
CVE-2019-2859 [HIGH]: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnera
nvd
CVE-2019-2866 | HIGH | CVSS 8.2 | v15.0, v15.1 | 2019-07-23
CVE-2019-2866 [HIGH]: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulner
nvd
CVE-2019-2864 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-07-23
CVE-2019-2864 [HIGH]: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vuln
nvd
CVE-2019-9811 | HIGH | CVSS 8.3 | v15.0, v15.1 | 2019-07-23
CVE-2019-9811 [HIGH] CWE-74: As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
nvd
CVE-2019-11723 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-07-23
CVE-2019-11723 [HIGH] CWE-346: A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Firefox < 68.
nvd
CVE-2019-2867 | HIGH | CVSS 8.2 | v15.0, v15.1 | 2019-07-23
CVE-2019-2867 [HIGH] CWE-787: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While th
nvd
CVE-2019-2865 | HIGH | CVSS 7.5 | v15.0, v15.1 | 2019-07-23
CVE-2019-2865 [HIGH]: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vuln
nvd
CVE-2019-2762 | MEDIUM | CVSS 5.3 | v15.0, v15.1 | 2019-07-23
CVE-2019-2762 [MEDIUM]: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Su
nvd
CVE-2019-11730 | MEDIUM | CVSS 6.5 | v15.0, v15.1 | 2019-07-23
CVE-2019-11730 [MEDIUM]: A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may be uploaded to a server. It was demonstrated that in comb
nvd
CVE-2019-11720 | MEDIUM | CVSS 6.1 | v15.0, v15.1 | 2019-07-23
CVE-2019-11720 [MEDIUM] CWE-79: Some Unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68.
nvd
CVE-2019-11728 | MEDIUM | CVSS 4.7 | v15.0, v15.1 | 2019-07-23
CVE-2019-11728 [MEDIUM] CWE-668: The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that is accessible to a user when web content is loaded. This vulnerability affects Firefox < 68.
nvd
CVE-2019-2877 | MEDIUM | CVSS 5.5 | v15.0, v15.1 | 2019-07-23
CVE-2019-2877 [MEDIUM]: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful atta
nvd
CVE-2019-2805 | MEDIUM | CVSS 6.5 | v15.1 | 2019-07-23
CVE-2019-2805 [MEDIUM]: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerabi
nvd
CVE-2019-11717 | MEDIUM | CVSS 5.3 | v15.0, v15.1 | 2019-07-23
CVE-2019-11717 [MEDIUM] CWE-116: A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
nvd
CVE-2019-11718 | MEDIUM | CVSS 5.3 | v15.0, v15.1 | 2019-07-23
CVE-2019-11718 [MEDIUM] CWE-74: Activity Stream can display content sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snippet Service were compromised. This vulnerability affects Fire
nvd