CVSS: 7.5EPSS: 11%CPEs: 13EXPL: 0CVE-2019-19926 – sqlite: error mishandling because of incomplete fix of CVE-2019-19880
https://notcve.org/view.php?id=CVE-2019-19926
23 Dec 2019 — multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. La función multiSelect en el archivo select.c en SQLite versión 3.30.1, maneja inapropiadamente determinados errores durante el análisis, como es demostrado por los errores de las llamadas de sqlite3WindowRewrite(). NOTA: esta vulnerabilidad se presenta debido a una corrección incomplet... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 11%CPEs: 13EXPL: 0CVE-2019-19880 – sqlite: invalid pointer dereference in exprListAppendList in window.c
https://notcve.org/view.php?id=CVE-2019-19880
18 Dec 2019 — exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. La función exprListAppendList en el archivo window.c en SQLite versión 3.30.1, permite a atacantes desencadenar una desreferencia del puntero no válida porque los valores enteros constantes en las cláusulas ORDER BY de las definiciones de ventana son manejados inapropiadamente. It was discovered that SQLite incorr... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 40%CPEs: 11EXPL: 2CVE-2019-13764 – chromium-browser: Type Confusion in V8
https://notcve.org/view.php?id=CVE-2019-13764
10 Dec 2019 — Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en JavaScript en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.79. Issues... • https://github.com/HaboobLab/CVE-2019-13764 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 2%CPEs: 11EXPL: 1CVE-2019-13745 – chromium-browser: Insufficient policy enforcement in audio
https://notcve.org/view.php?id=CVE-2019-13745
10 Dec 2019 — Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación de política insuficiente en audio en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML especialmente diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.79. Issues addre... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html •
CVSS: 8.8EPSS: 6%CPEs: 32EXPL: 0CVE-2019-13734 – sqlite: fts3: improve shadow table corruption detection
https://notcve.org/view.php?id=CVE-2019-13734
10 Dec 2019 — Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una escritura fuera de limites en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 34%CPEs: 8EXPL: 2CVE-2019-11730 – Mozilla: Same-origin policy treats all files in a directory as having the same-origin
https://notcve.org/view.php?id=CVE-2019-11730
11 Jul 2019 — A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that ap... • https://github.com/alidnf/CVE-2019-11730 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0CVE-2019-11709 – Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
https://notcve.org/view.php?id=CVE-2019-11709
11 Jul 2019 — Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron bugs de seguridad de memoria presentes en Firefox versión 67 y Firefox ESR versión 60... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2019-5798 – chromium-browser: Out of bounds read in Skia
https://notcve.org/view.php?id=CVE-2019-5798
28 Mar 2019 — Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. La falta de comprobación de límites correcta en Skia en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara una lectura de memoria fuera de límites por medio de una página HTML creada. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This up... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 1%CPEs: 7EXPL: 0CVE-2019-7443 – Ubuntu Security Notice USN-6035-1
https://notcve.org/view.php?id=CVE-2019-7443
25 Feb 2019 — KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability. KDE KAuth, versiones anteriores 5.55, permite el paso de parámetros con tipos arbitrarios a ayudante... • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 57EXPL: 1CVE-2019-7317 – libpng: use-after-free in png_image_free in png.c
https://notcve.org/view.php?id=CVE-2019-7317
04 Feb 2019 — png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. La función png_image_free en el archivo png.c en libpng versiones 1.6.x anteriores a 1.6.37, presenta un uso de la memoria previamente liberada porque la función png_image_free_function es llamada bajo png_safe_execute. It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •