CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2020-13631 – sqlite: Virtual table can be renamed into the name of one of its shadow tables
https://notcve.org/view.php?id=CVE-2020-13631
27 May 2020 — SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. SQLite versiones anteriores a la versión 3.32.0, permite que una tabla virtual sea renombrada con el nombre de una de sus tablas shadow, relacionada con los archivos alter.c y build.c. A flaw was found in the virtual table implementation of SQLite. This flaw allows an attacker who can execute SQL statements to rename a virtual table to the name of one of its shadow tables, leadi... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 43EXPL: 1CVE-2020-13434 – sqlite: integer overflow in sqlite3_str_vappendf function in printf.c
https://notcve.org/view.php?id=CVE-2020-13434
24 May 2020 — SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. SQLite versiones hasta 3.32.0, presenta un desbordamiento de enteros en la función sqlite3_str_vappendf en el archivo printf.c. An integer overflow flaw was found in the SQLite implementation of the printf() function. This flaw allows an attacker who can control the precision of floating-point conversions, to crash the application, resulting in a denial of service. Red Hat Advanced Cluster Management for Kubernetes 2.3.0 imag... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-10663 – rubygem-json: Unsafe object creation vulnerability in JSON
https://notcve.org/view.php?id=CVE-2020-10663
28 Apr 2020 — The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. La gema JSON versiones hasta 2.2.0 para Ruby, como es usado en Ruby versiones 2.4 ha... • https://github.com/rails-lts/json_cve_2020_10663 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.4EPSS: 0%CPEs: 8EXPL: 0CVE-2019-14899 – Apple Security Advisory 2020-11-13-3
https://notcve.org/view.php?id=CVE-2019-14899
11 Dec 2019 — A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. Se detectó una vulne... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0CVE-2019-13118 – Apple Security Advisory 2019-7-22-5
https://notcve.org/view.php?id=CVE-2019-13118
01 Jul 2019 — In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. En el archivo numbers.c en libxslt versión 1.1.33, un tipo que contiene caracteres de agrupación de una instrucción xsl:number era demasiado estrecho y una combinación de carácter/longitud no válida se podía ser pasada a la función xsltNumberFormatDecimal, conllevan... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2013-0340 – Apple Security Advisory 2021-10-26-11
https://notcve.org/view.php?id=CVE-2013-0340
21 Jan 2014 — expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issu... • http://openwall.com/lists/oss-security/2013/02/22/3 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2000-0041
https://notcve.org/view.php?id=CVE-2000-0041
28 Dec 1999 — Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. • http://www.securityfocus.com/bid/890 •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-1999-1077
https://notcve.org/view.php?id=CVE-1999-1077
01 Nov 1999 — Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock. • http://marc.info/?l=bugtraq&m=94149318124548&w=2 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-1999-1076
https://notcve.org/view.php?id=CVE-1999-1076
26 Oct 1999 — Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session. • http://marc.info/?l=bugtraq&m=94096348604173&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 2CVE-1999-1543 – Apple Mac OS 8 8.6 - Weak Password Encryption
https://notcve.org/view.php?id=CVE-1999-1543
10 Jul 1999 — MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File. • https://www.exploit-db.com/exploits/19417 •