CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2020-13632 – sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query
https://notcve.org/view.php?id=CVE-2020-13632
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. En el archivo ext/fts3/fts3_snippet.c en SQLite versiones anteriores a la versión 3.32.0, tiene una desreferencia del puntero NULL por medio de una consulta en la función matchinfo() especialmente diseñada. A NULL pointer dereference flaw was found in the matchinfo auxiliary function of the SQLite FTS3 extension module. This flaw allows an attacker who can execute SQL statements to crash the application, resulting in a denial of service. • https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200608-0002 https://sqlite.org&#x • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13253
https://notcve.org/view.php?id=CVE-2020-13253
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. En la función sd_wp_addr en el archivo hw/sd/sd.c en QEMU versión 4.2.0, utiliza una dirección no comprobada, lo que conlleva a una lectura fuera de límites durante las operaciones sdhci_write(). Un usuario del Sistema Operativo invitado puede bloquear el proceso QEMU. • http://www.openwall.com/lists/oss-security/2020/05/27/2 https://bugzilla.redhat.com/show_bug.cgi?id=1838546 https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html https://security.gentoo.org/glsa/202011-09 https://usn.ubuntu.com/4467-1 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 43EXPL: 1CVE-2020-13434 – sqlite: integer overflow in sqlite3_str_vappendf function in printf.c
https://notcve.org/view.php?id=CVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. SQLite versiones hasta 3.32.0, presenta un desbordamiento de enteros en la función sqlite3_str_vappendf en el archivo printf.c. An integer overflow flaw was found in the SQLite implementation of the printf() function. This flaw allows an attacker who can control the precision of floating-point conversions, to crash the application, resulting in a denial of service. • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/22 https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN https://security.FreeBSD.org/advisories/FreeBSD-SA-20: • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 8.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13398 – freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c
https://notcve.org/view.php?id=CVE-2020-13398
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. Se detectó un problema en FreeRDP versiones anteriores a 2.1.1. Ha sido detectada una vulnerabilidad de escritura fuera de límites (OOB) en la función crypto_rsa_common en el archivo libfreerdp/crypto/crypto.c. An issue was found in freerdp's libfreerdp/crypto/crypto.c, in versions before 2.1.1, where buffer access with an incorrect length value, leads to an out-of-bounds write. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https:& • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13396 – freerdp: Out-of-bounds read in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
https://notcve.org/view.php?id=CVE-2020-13396
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. Se detectó un problema en FreeRDP versiones anteriores a 2.1.1. Se detectó una vulnerabilidad de lectura fuera de límites (OOB) en la función ntlm_read_ChallengeMessage en el archivo winpr/libwinpr/sspi/NTLM/ ntlm_message.c. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https:& • CWE-125: Out-of-bounds Read •