openSUSE Leap vulnerabilities
1,896 known vulnerabilities affecting opensuse/leap.
Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown
CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93
Vulnerabilities
Page 54 of 95
CVE-2019-13307 | HIGH | CVSS 7.8 | CWE-787 | v15.0, v15.1 | 2019-07-05
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
nvd
CVE-2019-13300 | HIGH | CVSS 8.8 | CWE-787 | v15.0, v15.1 | 2019-07-05
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
nvd
CVE-2019-13311 | MEDIUM | CVSS 6.5 | CWE-401 | v15.0, v15.1 | 2019-07-05
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
nvd
CVE-2019-13301 | MEDIUM | CVSS 6.5 | CWE-401 | v15.0, v15.1 | 2019-07-05
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
nvd
CVE-2019-13309 | MEDIUM | CVSS 6.5 | CWE-401 | v15.0, v15.1 | 2019-07-05
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.
nvd
CVE-2019-13296 | MEDIUM | CVSS 6.5 | CWE-401 | v15.0, v15.1 | 2019-07-05
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.
nvd
CVE-2019-13310 | MEDIUM | CVSS 6.5 | CWE-401 | v15.0, v15.1 | 2019-07-05
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
nvd
CVE-2019-13164 | HIGH | CVSS 7.8 | v15.0, v15.1 | 2019-07-03
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
nvd
CVE-2019-5051 | HIGH | CVSS 8.8 | CWE-390 | v15.0, v15.1 | 2019-07-03
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
nvd
CVE-2019-5052 | HIGH | CVSS 8.8 | CWE-190 | v15.0, v15.1 | 2019-07-03
An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
nvd
CVE-2019-13134 | MEDIUM | CVSS 5.5 | CWE-401 | v15.0, v15.1 | 2019-07-01
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
nvd
CVE-2019-13117 | MEDIUM | CVSS 5.3 | CWE-908 | v15.1 | 2019-07-01
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
nvd
CVE-2019-13133 | MEDIUM | CVSS 5.5 | CWE-401 | v15.0, v15.1 | 2019-07-01
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
nvd
CVE-2019-13118 | MEDIUM | CVSS 5.3 | CWE-843 | v15.1 | 2019-07-01
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
nvd
CVE-2019-13050 | HIGH | CVSS 7.5 | CWE-295 | v15.0, v15.1 | 2019-06-29
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
nvd
CVE-2019-5809 | HIGH | CVSS 8.8 | CWE-416 | v15.0, v15.1, +1 more | 2019-06-27
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
nvd
CVE-2019-5824 | HIGH | CVSS 8.8 | CWE-787 | v15.0, v15.1, +1 more | 2019-06-27
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5819 | HIGH | CVSS 7.8 | CWE-20 | v15.0, v15.1, +1 more | 2019-06-27
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
nvd
CVE-2019-5827 | HIGH | CVSS 8.8 | CWE-190 | v15.0, v15.1, +1 more | 2019-06-27
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5816 | HIGH | CVSS 8.8 | CWE-664 | v15.0, v15.1, +1 more | 2019-06-27
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.
nvd