CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 1CVE-2019-5827 – sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces
https://notcve.org/view.php?id=CVE-2019-5827
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El desbordamiento de enteros en SQLite a través de WebSQL en Google Chrome antes de 74.0.3729.131 permitió que un atacante remoto pudiera explotar la corrupción del heap a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html https://crbug.com/952406 https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/ • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 7%CPEs: 6EXPL: 1CVE-2019-5018 – sqlite: Use-after-free in window function leading to remote code execution
https://notcve.org/view.php?id=CVE-2019-5018
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. Existe una vulnerabilidad de uso de memoria previamente liberada en la función de ventana de Sqlite3 3.26.0. Un comando SQL especialmente diseñado puede causar un uso de memoria previamente liberada, resultando en la ejecución remota del código. • http://packetstormsecurity.com/files/152809/Sqlite3-Window-Function-Remote-Code-Execution.html http://www.securityfocus.com/bid/108294 https://security.gentoo.org/glsa/201908-09 https://security.netapp.com/advisory/ntap-20190521-0001 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0777 https://usn.ubuntu.com/4205-1 https://access.redhat.com/security/cve/CVE-2019-5018 https://bugzilla.redhat.com/show_bug.cgi?id=1708301 • CWE-416: Use After Free •
CVSS: 9.1EPSS: 1%CPEs: 19EXPL: 0CVE-2019-11036 – Heap over-read in PHP EXIF extension
https://notcve.org/view.php?id=CVE-2019-11036
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a 7.1.29, 7.2.x anteriores a 7.2.18 y 7.3.x anteriores a 7.3.5, puede hacer que se lea el búfer asignado en la función exif_process_IFD_TAG. Esto puede conducir a la revelación de información o a un cierre inesperado. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html http://www.securityfocus.com/bid/108177 https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77950 https://lists. • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 9.1EPSS: 1%CPEs: 16EXPL: 1CVE-2019-11035 – Heap over-read in PHP EXIF extension
https://notcve.org/view.php?id=CVE-2019-11035
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a la 7.1.28, 7.2.x anteriores a la 7.2.17 y 7.3.x anteriores a la 7.3.4 puede hacer que se lea el búfer asignado en la función exif_iif_add_value. Esto puede conducir a la revelación de información o a un cierre inesperado. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77831 https://lists.debian.org/debian-lts-announce/2019/05/msg0 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 1%CPEs: 16EXPL: 0CVE-2019-11034 – Heap over-read in PHP EXIF extension
https://notcve.org/view.php?id=CVE-2019-11034
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a la 7.1.28, 7.2.x anteriores a la 7.2.17 y 7.3.x anteriores a la 7.3.4 puede hacer que se lea el buffer asignado en la función exif_process_IFD_TAG. Esto puede conducir a la revelación de información o a un cierre inesperado. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77753 https://lists.debian.org/debian-lts-announce/2019/05/msg0 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •