openSUSE Leap vulnerabilities

1,896 known vulnerabilities affecting opensuse/leap.

Total CVEs: 1,896
CISA KEV: 18 (actively exploited)
Public exploits: 57
Exploited in wild: 19
Severity breakdown: CRITICAL 202, HIGH 798, MEDIUM 803, LOW 93

Vulnerabilities

Page 58 of 95
CVE-2019-5789 | HIGH | CVSS 8.8 | PoC | v15.0, v15.1 +1 more | 2019-05-23
CWE-190: An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Source: NVD
CVE-2019-5795 | HIGH | CVSS 8.8 | v15.0, v15.1 +1 more | 2019-05-23
CWE-190: Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
Source: NVD
CVE-2019-5796 | HIGH | CVSS 7.5 | PoC | v15.0, v15.1 +1 more | 2019-05-23
CWE-362: Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NVD
CVE-2019-5788 | HIGH | CVSS 8.8 | PoC | v15.0, v15.1 +1 more | 2019-05-23
CWE-190: An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Source: NVD
CVE-2019-5792 | HIGH | CVSS 8.8 | v15.0, v15.1 +1 more | 2019-05-23
CWE-190: Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
Source: NVD
CVE-2019-5799 | MEDIUM | CVSS 6.5 | v15.0, v15.1 +1 more | 2019-05-23
CWE-20: Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Source: NVD
CVE-2019-5798 | MEDIUM | CVSS 6.5 | v15.0, v15.1 +1 more | 2019-05-23
CWE-125: Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Source: NVD
CVE-2019-5802 | MEDIUM | CVSS 6.5 | v15.0, v15.1 +1 more | 2019-05-23
Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Source: NVD
CVE-2019-5803 | MEDIUM | CVSS 6.5 | v15.0, v15.1 +1 more | 2019-05-23
CWE-20: Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Source: NVD
CVE-2019-5794 | MEDIUM | CVSS 6.5 | v15.0, v15.1 +1 more | 2019-05-23
Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Source: NVD
CVE-2019-5801 | MEDIUM | CVSS 6.5 | v15.0, v15.1 +1 more | 2019-05-23
CWE-20: Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Source: NVD
CVE-2019-5800 | MEDIUM | CVSS 6.5 | v15.0, v15.1 +1 more | 2019-05-23
CWE-20: Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Source: NVD
CVE-2019-5804 | MEDIUM | CVSS 5.5 | v15.0, v15.1 +1 more | 2019-05-23
CWE-88: Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.
Source: NVD
CVE-2019-5793 | MEDIUM | CVSS 6.5 | v15.0, v15.1 +1 more | 2019-05-23
CWE-20: Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.
Source: NVD
CVE-2019-12221 | MEDIUM | CVSS 6.5 | v15.0, v15.1 | 2019-05-20
CWE-787: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.
Source: NVD
CVE-2019-3839 | HIGH | CVSS 7.8 | v15.0, v15.1 | 2019-05-16
CWE-648: It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
Source: NVD
CVE-2019-8936 | HIGH | CVSS 7.5 | v15.0, v42.3 | 2019-05-15
CWE-476: NTP through 4.2.8p12 has a NULL Pointer Dereference.
Source: NVD
CVE-2019-12098 | HIGH | CVSS 7.4 | v15.0, v15.1 +1 more | 2019-05-15
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
Source: NVD
CVE-2019-11328 | HIGH | CVSS 8.8 | v15.1 | 2019-05-14
CWE-732: An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing//`. The manipulation of those files can change the behavior of the starter-suid program wh
Source: NVD
CVE-2019-12083 | HIGH | CVSS 8.1 | v15.1 | 2019-05-13
CWE-125: The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds w
Source: NVD