Opensuse Leap vulnerabilities

CVE-2019-9213 [MEDIUM] CWE-476 CVE-2019-9213: In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

CVE-2019-9215 [CRITICAL] CVE-2019-9215: In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizat In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.

CVE-2019-9209 [MEDIUM] CWE-193 CVE-2019-9209: In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. T In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.

CVE-2019-1559 [MEDIUM] CWE-203 CVE-2019-1559: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to sen If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behave

CVE-2019-8375 [CRITICAL] CWE-119 CVE-2019-8375: The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22. The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKit

CVE-2019-9020 [CRITICAL] CWE-125 CVE-2019-9020: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x befo An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.

CVE-2019-9023 [CRITICAL] CWE-125 CVE-2019-9023: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x befo An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring

CVE-2019-9021 [CRITICAL] CVE-2019-9021: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x befo An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This

CVE-2019-9003 [HIGH] CWE-416 CVE-2019-9003: In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-a In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.

CVE-2019-9024 [HIGH] CWE-125 CVE-2019-9024: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x befo An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

CVE-2019-8980 [HIGH] CWE-401 CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allo A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.

CVE-2018-20783 [HIGH] CWE-125 CVE-2018-20783: In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.

CVE-2019-7164 [CRITICAL] CWE-89 CVE-2019-7164: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

CVE-2019-3812 [MEDIUM] CWE-119 CVE-2019-3812: QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up t QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

CVE-2019-8907 [HIGH] CWE-787 CVE-2019-8907: do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of se do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.

CVE-2019-8912 [HIGH] CWE-416 CVE-2019-8912: In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL valu In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

CVE-2019-8906 [MEDIUM] CWE-125 CVE-2019-8906: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is mis do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

CVE-2019-8905 [MEDIUM] CVE-2019-8905: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

CVE-2019-8341 [CRITICAL] CWE-94 CVE-2019-8341: An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template In An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerabilit

CVE-2019-5736 [HIGH] CWE-78 CVE-2019-5736: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overw runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to whi