Backports SLE

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-27	CVE-2019-20010	Use After Free vulnerability in multiple products An issue was discovered in GNU LibreDWG 0.92. network low complexity gnu opensuse CWE-416	8.8
2019-12-27	CVE-2019-20009	Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in GNU LibreDWG before 0.93. network low complexity gnu opensuse CWE-770	6.5
2019-12-24	CVE-2019-19925	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. network low complexity sqlite siemens oracle debian redhat suse opensuse netapp CWE-434	7.5
2019-12-24	CVE-2019-19923	NULL Pointer Dereference vulnerability in multiple products flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. network low complexity sqlite siemens oracle debian redhat suse opensuse netapp CWE-476	7.5
2019-12-23	CVE-2019-19926	NULL Pointer Dereference vulnerability in multiple products multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. network low complexity sqlite siemens oracle debian redhat opensuse suse netapp CWE-476	7.5
2019-12-20	CVE-2019-19918	Out-of-bounds Write vulnerability in multiple products Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. local low complexity lout-project opensuse fedoraproject CWE-787	7.8
2019-12-20	CVE-2019-19917	Classic Buffer Overflow vulnerability in multiple products Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. local low complexity lout-project opensuse fedoraproject CWE-120	7.8
2019-12-18	CVE-2019-19880	NULL Pointer Dereference vulnerability in multiple products exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. network low complexity sqlite netapp debian suse redhat opensuse oracle siemens CWE-476	7.5
2019-12-16	CVE-2019-16779	Race Condition vulnerability in multiple products In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. network high complexity excon-project opensuse debian CWE-362	5.9
2019-12-10	CVE-2019-13764	Type Confusion vulnerability in multiple products Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject suse opensuse redhat CWE-843	8.8