Page 13 of 1979 results (0.013 seconds)

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2019-19926 – sqlite: error mishandling because of incomplete fix of CVE-2019-19880

https://notcve.org/view.php?id=CVE-2019-19926

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. La función multiSelect en el archivo select.c en SQLite versión 3.30.1, maneja inapropiadamente determinados errores durante el análisis, como es demostrado por los errores de las llamadas de sqlite3WindowRewrite(). NOTA: esta vulnerabilidad se presenta debido a una corrección incompleta para CVE-2019-19880. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089 https://security.netapp.com/advisory/ntap-20200114-0003 https://usn.ubuntu.com/4298-1 https • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2019-19880 – sqlite: invalid pointer dereference in exprListAppendList in window.c

https://notcve.org/view.php?id=CVE-2019-19880

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. La función exprListAppendList en el archivo window.c en SQLite versión 3.30.1, permite a atacantes desencadenar una desreferencia del puntero no válida porque los valores enteros constantes en las cláusulas ORDER BY de las definiciones de ventana son manejados inapropiadamente. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54 https://security.netapp.com/advisory/ntap-20200114-0001 https://usn.ubuntu.com/4298-1 https • CWE-476: NULL Pointer Dereference •

CVSS: 8.1EPSS: 1%CPEs: 15EXPL: 0

CVE-2018-1311 – xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs

https://notcve.org/view.php?id=CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. El analizador XML de Apache Xerces - versiones C 3.0.0 hasta 3.2.3, contiene un error de uso de la memoria previamente liberada desencadenado durante el escaneo de los DTD externos. Este error no se ha abordado en la versión mantenida de la biblioteca y no tiene una mitigación actual que no sea deshabilitar el procesamiento de DTD. • http://www.openwall.com/lists/oss-security/2024/02/16/1 https://access.redhat.com/errata/RHSA-2020:0702 https://access.redhat.com/errata/RHSA-2020:0704 https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b%40%3Cc-dev.xerces.apache.org%3E https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35%40%3Cc-users.xerces.apache.org%3E https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646%40%3Cc-users.xerces.apache.org%3E https:& • CWE-416: Use After Free •

CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2019-8846 – webkitgtk: Use after free issue may lead to remote code execution

https://notcve.org/view.php?id=CVE-2019-8846

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de uso de la memoria previamente liberada con una administración de la memoria mejorada. Este problema se corrigió en tvOS versión 13.3, iCloud para Windows versión 10.9, iOS versión 13.3 y iPadOS versión 13.3, Safari versión 13.0.4, iTunes versión 12.10.3 para Windows, iCloud para Windows versión 7.16. • https://support.apple.com/en-us/HT210785 https://support.apple.com/en-us/HT210790 https://support.apple.com/en-us/HT210792 https://support.apple.com/en-us/HT210793 https://support.apple.com/en-us/HT210794 https://support.apple.com/en-us/HT210795 https://access.redhat.com/security/cve/CVE-2019-8846 https://bugzilla.redhat.com/show_bug.cgi?id=1816678 • CWE-416: Use After Free •

CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2019-8835 – Apple macOS apfs Use-After-Free Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2019-8835

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó múltiples problemas de corrupción de memoria con un manejo de la memoria mejorada. Este problema se corrigió en tvOS versión 13.3, iCloud para Windows versión 10.9, iOS versión 13.3 y iPadOS versión 13.3, Safari versión 13.0.4, iTunes versión 12.10.3 para Windows, iCloud para Windows versión 7.16. • https://support.apple.com/en-us/HT210785 https://support.apple.com/en-us/HT210790 https://support.apple.com/en-us/HT210792 https://support.apple.com/en-us/HT210793 https://support.apple.com/en-us/HT210794 https://support.apple.com/en-us/HT210795 https://access.redhat.com/security/cve/CVE-2019-8835 https://bugzilla.redhat.com/show_bug.cgi?id=1816684 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •