CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2020-13632 – sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query
https://notcve.org/view.php?id=CVE-2020-13632
27 May 2020 — ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. En el archivo ext/fts3/fts3_snippet.c en SQLite versiones anteriores a la versión 3.32.0, tiene una desreferencia del puntero NULL por medio de una consulta en la función matchinfo() especialmente diseñada. A NULL pointer dereference flaw was found in the matchinfo auxiliary function of the SQLite FTS3 extension module. This flaw allows an attacker who can execute SQL statements to crash the appli... • https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 4%CPEs: 67EXPL: 1CVE-2020-12243 – openldap: denial of service via nested boolean expressions in LDAP search filters
https://notcve.org/view.php?id=CVE-2020-12243
28 Apr 2020 — In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). En el archivo filter.c en slapd en OpenLDAP versiones anteriores a 2.4.50, los filtros de búsqueda de LDAP con expresiones booleanas anidadas pueden resultar en una denegación de servicio (bloqueo del demonio). Red Hat OpenShift Do is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 7%CPEs: 27EXPL: 1CVE-2020-11655 – Gentoo Linux Security Advisory 202007-26
https://notcve.org/view.php?id=CVE-2020-11655
09 Apr 2020 — SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. SQLite versiones hasta 3.31.1, permite a atacantes causar una denegación de servicio (fallo de segmentación) por medio de una consulta de una función de window malformada porque la inicialización el objeto AggInfo es manejada inapropiadamente. It was discovered that SQLite incorrectly handled certain corrupted schemas. An at... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 11%CPEs: 15EXPL: 0CVE-2020-11656 – Gentoo Linux Security Advisory 202007-26
https://notcve.org/view.php?id=CVE-2020-11656
09 Apr 2020 — In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. En SQLite versiones hasta 3.31.1, la implementación de ALTER TABLE presenta un uso de la memoria previamente liberada, como es demostrado por una cláusula ORDER BY que pertenece a una sentencia SELECT compuesta. Multiple vulnerabilities have been found in SQLite, the worst of which could result in the arbitrary execution of code. Versions less than... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-416: Use After Free •
CVSS: 6.1EPSS: 15%CPEs: 24EXPL: 0CVE-2020-1927 – httpd: mod_rewrite configurations vulnerable to open redirect
https://notcve.org/view.php?id=CVE-2020-1927
01 Apr 2020 — In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. En Apache HTTP Server versiones 2.4.0 hasta 2.4.41, los redireccionamientos configurados con mod_rewrite que pretendían ser autorreferenciales podrían ser engañados por nuevas líneas codificadas y redireccionadas en lugar de una URL inesperada dentro de la URL de petición. A flaw was fou... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 38%CPEs: 21EXPL: 0CVE-2020-1934 – httpd: mod_proxy_ftp use of uninitialized value
https://notcve.org/view.php?id=CVE-2020-1934
01 Apr 2020 — In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. En Apache HTTP Server versiones 2.4.0 hasta 2.4.41, mod_proxy_ftp puede usar memoria no inicializada cuando al enviar un proxy hacia un servidor FTP malicioso. A flaw was found in Apache's HTTP server (httpd) .The mod_proxy_ftp module may use uninitialized memory with proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality. Red Hat JBoss... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 2%CPEs: 9EXPL: 0CVE-2020-3909 – Apple Security Advisory 2020-03-24-4
https://notcve.org/view.php?id=CVE-2020-3909
25 Mar 2020 — A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. Se abordó un desbordamiento del búfer con una comprobación de límites mejorada. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, macOS Catalina versión 10.15.4, tvOS versión 13.4, watchOS versión 6.2, iTunes para Windows ve... • https://support.apple.com/HT211100 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 1CVE-2020-10108 – python-twisted: HTTP request smuggling when presented with two Content-Length headers
https://notcve.org/view.php?id=CVE-2020-10108
12 Mar 2020 — In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. En Twisted Web versiones hasta 19.10.0, se presentó una vulnerabilidad de división de petición HTTP. Cuando se le presentan dos encabezados content-length, ignora el primer encabezado. • https://know.bishopfox.com/advisories • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 0CVE-2020-9327 – sqlite: NULL pointer dereference and segmentation fault because of generated column optimizations
https://notcve.org/view.php?id=CVE-2020-9327
21 Feb 2020 — In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. En SQLite versión 3.31.1, la función isAuxiliaryVtabOperator permite a atacantes desencadenar una desreferencia del puntero NULL y un fallo de segmentación debido a las optimizaciones de columna generadas. A NULL pointer dereference was found in SQLite in the way it executes select statements with column optimizations. An attacker who is able to e... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2020-7044
https://notcve.org/view.php?id=CVE-2020-7044
16 Jan 2020 — In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors. En Wireshark versiones 3.2.x anteriores a la versión 3.2.1, el disector WASSP podría bloquearse. Esto fue abordado en el archivo epan/dissectors/packet-wassp.c mediante el uso de )= y (= para resolver errores por un paso. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •