CVSS: 7.0EPSS: 0%CPEs: 25EXPL: 0CVE-2020-13630 – sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c
https://notcve.org/view.php?id=CVE-2020-13630
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. El archivo ext/fts3/fts3.c en SQLite versiones anteriores a la versión 3.32.0, tiene un uso de la memoria previamente liberada en la función fts3EvalNextRow, relacionado con la funcionalidad snippet. A use-after-free vulnerability was found in the SQLite FTS3 extension module in the way it implemented the snippet function. This flaw allows an attacker who can execute SQL statements to crash the application or potentially execute arbitrary code. • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/22 https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXY • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2020-13631 – sqlite: Virtual table can be renamed into the name of one of its shadow tables
https://notcve.org/view.php?id=CVE-2020-13631
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. SQLite versiones anteriores a la versión 3.32.0, permite que una tabla virtual sea renombrada con el nombre de una de sus tablas shadow, relacionada con los archivos alter.c y build.c. A flaw was found in the virtual table implementation of SQLite. This flaw allows an attacker who can execute SQL statements to rename a virtual table to the name of one of its shadow tables, leading to potential data corruption. • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/22 https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E https://lists.fedoraproject.org/archives/list/package-announce%40lists&# • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 43EXPL: 1CVE-2020-13434 – sqlite: integer overflow in sqlite3_str_vappendf function in printf.c
https://notcve.org/view.php?id=CVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. SQLite versiones hasta 3.32.0, presenta un desbordamiento de enteros en la función sqlite3_str_vappendf en el archivo printf.c. An integer overflow flaw was found in the SQLite implementation of the printf() function. This flaw allows an attacker who can control the precision of floating-point conversions, to crash the application, resulting in a denial of service. • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/22 https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN https://security.FreeBSD.org/advisories/FreeBSD-SA-20: • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2019-20044 – zsh: insecure dropping of privileges when unsetting PRIVILEGED option
https://notcve.org/view.php?id=CVE-2019-20044
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). En Zsh versiones anteriores a 5.8, los atacantes capaces de ejecutar comandos pueden recuperar privilegios eliminados mediante la opción --no-PRIVILEGED. Zsh presenta un fallo al sobrescribir el uid guardado, ya que los privilegios originales pueden ser restaurados mediante una ejecución de zmodload de MODULE_PATH=/dir/with/module con un módulo que llama a la función setuid(). A flaw was found in zsh. • http://seclists.org/fulldisclosure/2020/May/49 http://seclists.org/fulldisclosure/2020/May/53 http://seclists.org/fulldisclosure/2020/May/55 http://seclists.org/fulldisclosure/2020/May/59 http://zsh.sourceforge.net/releases.html https://github.com/XMB5/zsh-privileged-upgrade https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproje • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6402 – chromium-browser: Insufficient policy enforcement in downloads
https://notcve.org/view.php?id=CVE-2020-6402
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Una aplicación insuficiente de la política en downloads en Google Chrome sobre OS X versiones anteriores a 80.0.3987.87, permitió a un atacante que convenció a un usuario a instalar una extensión maliciosa para ejecutar código arbitrario por medio de una extensión de Chrome diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html https://crbug.com/1029375 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-20: Improper Input Validation •