Page 139 of 982 results (0.010 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2020-13435 – sqlite: NULL pointer dereference in sqlite3ExprCodeTarget()

https://notcve.org/view.php?id=CVE-2020-13435

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. SQLite versiones hasta 3.32.0, presenta un error de segmentación en la función sqlite3ExprCodeTarget en el archivo expr.c. A NULL pointer dereference flaw was found in SQLite when rewriting select statements for window functions. This flaw allows an attacker who can execute SQL statements, to crash the application, resulting in a denial of service. • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/22 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200528-0004 https://support.apple& • CWE-476: NULL Pointer Dereference •

CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0

CVE-2020-12693

https://notcve.org/view.php?id=CVE-2020-12693

Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. Slurm versiones 19.05.x anteriores a la versión 19.05.7 y versiones 20.02.x anteriores a la versión 20.02.3, en el extraño caso en que Message Aggregation esté habilitada, permite una Omisión de Autenticación por medio de una ruta o canal alternativo. Una condición de carrera permite a un usuario iniciar un proceso como usuario arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00063.html https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNL5E5SK4WP6M3DKU4IKW2NPQD2XTZ4Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3RGQB3EWDLOLTSPAJPPWZEPQK3O3AUH https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-6491 – chromium-browser: Incorrect security UI in site information

https://notcve.org/view.php?id=CVE-2020-6491

Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. Una comprobación insuficiente de datos en site information en Google Chrome versiones anteriores a la versión 83.0.4103.61, permitió a un atacante remoto falsificar la Interfaz de Usuario de seguridad por medio de un nombre de dominio especialmente diseñado. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html https://crbug.com/1050011 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT https://security.g •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1

CVE-2020-6489 – chromium-browser: Inappropriate implementation in developer tools

https://notcve.org/view.php?id=CVE-2020-6489

Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page. Una implementación inapropiada en developer tools en Google Chrome versiones anteriores a la versión 83.0.4103.61, permitió a un atacante remoto que había convencido al usuario de tomar determinadas acciones en developer tools para obtener información potencialmente sensible del disco por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html https://crbug.com/1050756 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT https://security.g • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-6490 – chromium-browser: Insufficient data validation in loader

https://notcve.org/view.php?id=CVE-2020-6490

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. Una comprobación insuficiente de datos en loader en Google Chrome versiones anteriores a la versión 83.0.4103.61, permitió a un atacante remoto que había sido capaz de escribir en el disco filtrar datos de tipo cross-origin por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html https://crbug.com/1035887 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT https://security.g • CWE-668: Exposure of Resource to Wrong Sphere •