Opensuse Leap vulnerabilities

CVE-2018-16874 [HIGH] CWE-20 CVE-2018-16874: In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traver In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cm

CVE-2018-16873 [HIGH] CWE-20 CVE-2018-16873: In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code exec In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://

CVE-2018-19364 [MEDIUM] CWE-416 CVE-2018-19364: hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a sec hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.

CVE-2018-19489 [MEDIUM] CWE-362 CVE-2018-19489: v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) becaus v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.

CVE-2018-16872 [MEDIUM] CWE-367 CVE-2018-16872: A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write

CVE-2018-18335 [HIGH] CWE-787 CVE-2018-18335: Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to pot Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-18356 [HIGH] CWE-190 CVE-2018-18356: An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0 An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-19665 [MEDIUM] CWE-190 CVE-2018-19665: The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory c The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

CVE-2018-19865 [HIGH] CWE-532 CVE-2018-19865: A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.

CVE-2018-19840 [MEDIUM] CWE-835 CVE-2018-19840: The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attacke The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

CVE-2018-19841 [MEDIUM] CWE-125 CVE-2018-19841: The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allow The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.

CVE-2018-19542 [MEDIUM] CWE-476 CVE-2018-19542: An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_de An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.

CVE-2018-19539 [MEDIUM] CWE-617 CVE-2018-19539: An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_rea An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

CVE-2018-19490 [HIGH] CWE-787 CVE-2018-19490: An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a h An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.

CVE-2018-19491 [HIGH] CWE-119 CVE-2018-19491: An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buf An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.

CVE-2018-19492 [HIGH] CWE-119 CVE-2018-19492: An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a bu An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.

CVE-2018-18954 [MEDIUM] CWE-125 CVE-2018-18954: The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or re The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.

CVE-2018-16843 [HIGH] CWE-400 CVE-2018-16843: nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

CVE-2018-19052 [HIGH] CWE-22 CVE-2018-19052: An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. Ther An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.

CVE-2018-16845 [MEDIUM] CWE-400 CVE-2018-16845: nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might all nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_modul