CVSS: 6.5EPSS: 1%CPEs: 17EXPL: 0CVE-2019-13751 – sqlite: fts3: improve detection of corrupted records
https://notcve.org/view.php?id=CVE-2019-13751
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Datos no inicializados en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto conseguir información potencialmente confidencial desde la memoria del proceso por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html https://crbug.com/1025465 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2019-13750 – sqlite: dropping of shadow tables not restricted in defensive mode
https://notcve.org/view.php?id=CVE-2019-13750
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. Una comprobación de datos insuficiente en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto omitir las medidas de defensa en profundidad por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html https://crbug.com/1025464 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2019-13752 – sqlite: fts3: improve shadow table corruption detection
https://notcve.org/view.php?id=CVE-2019-13752
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Una lectura fuera de límites en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto conseguir información potencialmente confidencial desde la memoria del proceso por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html https://crbug.com/1025470 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2019-13734 – sqlite: fts3: improve shadow table corruption detection
https://notcve.org/view.php?id=CVE-2019-13734
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una escritura fuera de limites en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://access.redhat.com/errata/RHSA-2020:0227 https://access.redhat.com/errata/RHSA-2020:0229 https://access.redhat.com/errata/RHSA-2020:0273 https://access.redhat.com/errata/RHSA-2020:0451 https://access.redhat.com/errata/RHSA-2020:0463 https://access.redhat.com/errata/RHSA-2020:0 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 1%CPEs: 12EXPL: 0CVE-2019-14861
https://notcve.org/view.php?id=CVE-2019-14861
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html http://www.openwall.com/lists/oss-security/2024/06/24/3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861 https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE https:/&#x • CWE-276: Incorrect Default Permissions •