CVSS: 7.5EPSS: 7%CPEs: 27EXPL: 1CVE-2020-11655 – Gentoo Linux Security Advisory 202007-26
https://notcve.org/view.php?id=CVE-2020-11655
09 Apr 2020 — SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. SQLite versiones hasta 3.31.1, permite a atacantes causar una denegación de servicio (fallo de segmentación) por medio de una consulta de una función de window malformada porque la inicialización el objeto AggInfo es manejada inapropiadamente. It was discovered that SQLite incorrectly handled certain corrupted schemas. An at... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 11%CPEs: 15EXPL: 0CVE-2020-11656 – Gentoo Linux Security Advisory 202007-26
https://notcve.org/view.php?id=CVE-2020-11656
09 Apr 2020 — In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. En SQLite versiones hasta 3.31.1, la implementación de ALTER TABLE presenta un uso de la memoria previamente liberada, como es demostrado por una cláusula ORDER BY que pertenece a una sentencia SELECT compuesta. Multiple vulnerabilities have been found in SQLite, the worst of which could result in the arbitrary execution of code. Versions less than... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1730 – libssh: denial of service when handling AES-CTR (or DES) ciphers
https://notcve.org/view.php?id=CVE-2020-1730
09 Apr 2020 — A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. Se detectó un fallo en libssh versiones anteriores a 0.8.9 y versiones anteriores a 0.9.4, en la manera en que se manejaron los cifrados AES-CTR (o DES si e... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 0CVE-2020-9327 – sqlite: NULL pointer dereference and segmentation fault because of generated column optimizations
https://notcve.org/view.php?id=CVE-2020-9327
21 Feb 2020 — In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. En SQLite versión 3.31.1, la función isAuxiliaryVtabOperator permite a atacantes desencadenar una desreferencia del puntero NULL y un fallo de segmentación debido a las optimizaciones de columna generadas. A NULL pointer dereference was found in SQLite in the way it executes select statements with column optimizations. An attacker who is able to e... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2020-7595 – libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations
https://notcve.org/view.php?id=CVE-2020-7595
21 Jan 2020 — xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. La función xmlStringLenDecodeEntities en el archivo parser.c en libxml2 versión 2.9.10, presenta un bucle infinito en una determinada situación de fin del archivo. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0CVE-2019-20388 – libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c
https://notcve.org/view.php?id=CVE-2019-20388
21 Jan 2020 — xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. La función xmlSchemaPreRun en el archivo xmlschemas.c en libxml2 versión 2.9.10, permite una pérdida de memoria de la función xmlSchemaValidateStream. A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-20218 – sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error
https://notcve.org/view.php?id=CVE-2019-20218
02 Jan 2020 — selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. La función selectExpander en el archivo select.c en SQLite versión 3.30.1, continúa con el despliegue de la pila WITH incluso después de un error de análisis. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. • https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387 • CWE-391: Unchecked Error Condition CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 9%CPEs: 13EXPL: 0CVE-2019-19925 – sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive
https://notcve.org/view.php?id=CVE-2019-19925
24 Dec 2019 — zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. La función zipfileUpdate en el archivo ext/misc/zipfile.c en SQLite versión 3.30.1, maneja inapropiadamente un nombre de ruta NULL durante una actualización de un archivo ZIP. It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered t... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 10%CPEs: 5EXPL: 0CVE-2019-19924 – sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting
https://notcve.org/view.php?id=CVE-2019-19924
24 Dec 2019 — SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. SQLite versión 3.30.1 maneja inapropiadamente cierta reescritura de árbol de análisis, relacionada con los archivos expr.c, vdbeaux.c y window.c. Esto es causado por un manejo incorrecto de errores de la función sqlite3WindowRewrite(). It was discovered that SQLite incorrectly handled certain shadow tables. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-391: Unchecked Error Condition CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 11%CPEs: 13EXPL: 0CVE-2019-19923 – sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2019-19923
24 Dec 2019 — flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). La función flattenSubquery en el archivo select.c en SQLite versión 3.30.1 maneja inapropiadamente ciertos usos de SELECT DISTINCT que involucra una LEFT JOIN en la que el lado derecho es una vista. Esto puede causar una desreferencia del puntero NULL (o resultados incorrectos). It was discovere... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html • CWE-476: NULL Pointer Dereference •