Page 50 of 329 results (0.011 seconds)

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2019-19923 – sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference

https://notcve.org/view.php?id=CVE-2019-19923

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). La función flattenSubquery en el archivo select.c en SQLite versión 3.30.1 maneja inapropiadamente ciertos usos de SELECT DISTINCT que involucra una LEFT JOIN en la que el lado derecho es una vista. Esto puede causar una desreferencia del puntero NULL (o resultados incorrectos). • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35 https://security.netapp.com/advisory/ntap-20200114-0003 https://usn.ubuntu.com/4298-1 https • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2019-19926 – sqlite: error mishandling because of incomplete fix of CVE-2019-19880

https://notcve.org/view.php?id=CVE-2019-19926

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. La función multiSelect en el archivo select.c en SQLite versión 3.30.1, maneja inapropiadamente determinados errores durante el análisis, como es demostrado por los errores de las llamadas de sqlite3WindowRewrite(). NOTA: esta vulnerabilidad se presenta debido a una corrección incompleta para CVE-2019-19880. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089 https://security.netapp.com/advisory/ntap-20200114-0003 https://usn.ubuntu.com/4298-1 https • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1

CVE-2019-19917

https://notcve.org/view.php?id=CVE-2019-19917

Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. Lout versión 3.40, presenta un desbordamiento de búfer en la función StringQuotedWord() en el archivo z39.c. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OXECUBSXEO7S3TCLSBCITLQIMOCL6MV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEJVEIQMRXJ26ZT • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1

CVE-2019-19918

https://notcve.org/view.php?id=CVE-2019-19918

Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. Lout versión 3.40, presenta un desbordamiento de búfer en la región heap de la memoria en la función srcnext() en el archivo z02.c. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OXECUBSXEO7S3TCLSBCITLQIMOCL6MV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEJVEIQMRXJ26ZT • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2019-19880 – sqlite: invalid pointer dereference in exprListAppendList in window.c

https://notcve.org/view.php?id=CVE-2019-19880

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. La función exprListAppendList en el archivo window.c en SQLite versión 3.30.1, permite a atacantes desencadenar una desreferencia del puntero no válida porque los valores enteros constantes en las cláusulas ORDER BY de las definiciones de ventana son manejados inapropiadamente. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54 https://security.netapp.com/advisory/ntap-20200114-0001 https://usn.ubuntu.com/4298-1 https • CWE-476: NULL Pointer Dereference •