Opensuse Leap vulnerabilities

CVE-2019-2769 [MEDIUM] CVE-2019-2769: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Su

CVE-2019-11724 [MEDIUM] CWE-863 CVE-2019-11724: Application permissions give additional remote troubleshooting permission to the site input.mozilla. Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68.

CVE-2019-2737 [MEDIUM] CVE-2019-2737: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this

CVE-2019-11721 [MEDIUM] CVE-2019-11721: The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. T The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68.

CVE-2019-2848 [MEDIUM] CVE-2019-2848: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). S Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulne

CVE-2019-2863 [MEDIUM] CVE-2019-2863: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). S Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulne

CVE-2019-11725 [MEDIUM] CVE-2019-11725: When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are display When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68.

CVE-2019-2816 [MEDIUM] CVE-2019-2816: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.

CVE-2019-2745 [MEDIUM] CVE-2019-2745: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported version Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in un

CVE-2019-2740 [MEDIUM] CVE-2019-2740: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported v Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerabilit

CVE-2019-2850 [LOW] CVE-2019-2850: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). S Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks

CVE-2019-2873 [LOW] CVE-2019-2873: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). S Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks

CVE-2019-2875 [LOW] CVE-2019-2875: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). S Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks

CVE-2019-2876 [LOW] CVE-2019-2876: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). S Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks

CVE-2019-2766 [LOW] CVE-2019-2766: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Su

CVE-2019-2786 [LOW] CVE-2019-2786: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful

CVE-2019-2842 [LOW] CVE-2019-2842: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial d

CVE-2019-2874 [LOW] CVE-2019-2874: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). S Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks

CVE-2019-13962 [CRITICAL] CWE-125 CVE-2019-13962: lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a h lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

CVE-2019-9848 [CRITICAL] CWE-94 CVE-2019-9848: LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature t