Vulnerabilities > CVE-2019-19880 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 | |
Application | 1 | |
Application | 1 | |
Application | Oracle
| 15 |
Application | 2 | |
OS | 2 | |
OS | 1 | |
OS | 3 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-2_0-0200_SQLITE.NASL description An update of the sqlite package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 132989 published 2020-01-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132989 title Photon OS 2.0: Sqlite PHSA-2020-2.0-0200 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2020-2.0-0200. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(132989); script_version("1.3"); script_cvs_date("Date: 2020/01/18"); script_cve_id("CVE-2019-19645", "CVE-2019-19880", "CVE-2019-20218"); script_name(english:"Photon OS 2.0: Sqlite PHSA-2020-2.0-0200"); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the sqlite package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-200.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-20218"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/09"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_exists(rpm:"sqlite-3.30", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"sqlite-3.30.1-1.ph2")) flag++; if (rpm_exists(rpm:"sqlite-3.30", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", cpu:"src", reference:"sqlite-3.30.1-1.ph2.src")) flag++; if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"sqlite-debuginfo-3.30.1-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"sqlite-devel-3.30.1-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"sqlite-libs-3.30.1-1.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4638.NASL description Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-19880 Richard Lorenz discovered an issue in the sqlite library. - CVE-2019-19923 Richard Lorenz discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-19925 Richard Lorenz discovered an issue in the sqlite library. - CVE-2019-19926 Richard Lorenz discovered an implementation error in the sqlite library. - CVE-2020-6381 UK last seen 2020-03-17 modified 2020-03-12 plugin id 134433 published 2020-03-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134433 title Debian DSA-4638-1 : chromium - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4638. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(134433); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/16"); script_cve_id("CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19925", "CVE-2019-19926", "CVE-2020-6381", "CVE-2020-6382", "CVE-2020-6383", "CVE-2020-6384", "CVE-2020-6385", "CVE-2020-6386", "CVE-2020-6387", "CVE-2020-6388", "CVE-2020-6389", "CVE-2020-6390", "CVE-2020-6391", "CVE-2020-6392", "CVE-2020-6393", "CVE-2020-6394", "CVE-2020-6395", "CVE-2020-6396", "CVE-2020-6397", "CVE-2020-6398", "CVE-2020-6399", "CVE-2020-6400", "CVE-2020-6401", "CVE-2020-6402", "CVE-2020-6403", "CVE-2020-6404", "CVE-2020-6405", "CVE-2020-6406", "CVE-2020-6407", "CVE-2020-6408", "CVE-2020-6409", "CVE-2020-6410", "CVE-2020-6411", "CVE-2020-6412", "CVE-2020-6413", "CVE-2020-6414", "CVE-2020-6415", "CVE-2020-6416", "CVE-2020-6418", "CVE-2020-6420"); script_xref(name:"DSA", value:"4638"); script_name(english:"Debian DSA-4638-1 : chromium - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-19880 Richard Lorenz discovered an issue in the sqlite library. - CVE-2019-19923 Richard Lorenz discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-19925 Richard Lorenz discovered an issue in the sqlite library. - CVE-2019-19926 Richard Lorenz discovered an implementation error in the sqlite library. - CVE-2020-6381 UK's National Cyber Security Centre discovered an integer overflow issue in the v8 JavaScript library. - CVE-2020-6382 Soyeon Park and Wen Xu discovered a type error in the v8 JavaScript library. - CVE-2020-6383 Sergei Glazunov discovered a type error in the v8 JavaScript library. - CVE-2020-6384 David Manoucheri discovered a use-after-free issue in WebAudio. - CVE-2020-6385 Sergei Glazunov discovered a policy enforcement error. - CVE-2020-6386 Zhe Jin discovered a use-after-free issue in speech processing. - CVE-2020-6387 Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation. - CVE-2020-6388 Sergei Glazunov discovered an out-of-bounds read error in the WebRTC implementation. - CVE-2020-6389 Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation. - CVE-2020-6390 Sergei Glazunov discovered an out-of-bounds read error. - CVE-2020-6391 Michal Bentkowski discoverd that untrusted input was insufficiently validated. - CVE-2020-6392 The Microsoft Edge Team discovered a policy enforcement error. - CVE-2020-6393 Mark Amery discovered a policy enforcement error. - CVE-2020-6394 Phil Freo discovered a policy enforcement error. - CVE-2020-6395 Pierre Langlois discovered an out-of-bounds read error in the v8 JavaScript library. - CVE-2020-6396 William Luc Ritchie discovered an error in the skia library. - CVE-2020-6397 Khalil Zhani discovered a user interface error. - CVE-2020-6398 pdknsk discovered an uninitialized variable in the pdfium library. - CVE-2020-6399 Luan Herrera discovered a policy enforcement error. - CVE-2020-6400 Takashi Yoneuchi discovered an error in Cross-Origin Resource Sharing. - CVE-2020-6401 Tzachy Horesh discovered that user input was insufficiently validated. - CVE-2020-6402 Vladimir Metnew discovered a policy enforcement error. - CVE-2020-6403 Khalil Zhani discovered a user interface error. - CVE-2020-6404 kanchi discovered an error in Blink/Webkit. - CVE-2020-6405 Yongheng Chen and Rui Zhong discovered an out-of-bounds read issue in the sqlite library. - CVE-2020-6406 Sergei Glazunov discovered a use-after-free issue. - CVE-2020-6407 Sergei Glazunov discovered an out-of-bounds read error. - CVE-2020-6408 Zhong Zhaochen discovered a policy enforcement error in Cross-Origin Resource Sharing. - CVE-2020-6409 Divagar S and Bharathi V discovered an error in the omnibox implementation. - CVE-2020-6410 evil1m0 discovered a policy enforcement error. - CVE-2020-6411 Khalil Zhani discovered that user input was insufficiently validated. - CVE-2020-6412 Zihan Zheng discovered that user input was insufficiently validated. - CVE-2020-6413 Michal Bentkowski discovered an error in Blink/Webkit. - CVE-2020-6414 Lijo A.T discovered a policy safe browsing policy enforcement error. - CVE-2020-6415 Avihay Cohen discovered an implementation error in the v8 JavaScript library. - CVE-2020-6416 Woojin Oh discovered that untrusted input was insufficiently validated. - CVE-2020-6418 Clement Lecigne discovered a type error in the v8 JavaScript library. - CVE-2020-6420 Taras Uzdenov discovered a policy enforcement error." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-19880" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-19923" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-19925" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-19926" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6381" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6382" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6383" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6384" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6385" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6386" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6387" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6388" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6389" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6390" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6391" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6392" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6393" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6394" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6395" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6396" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6397" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6398" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6399" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6400" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6401" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6402" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6403" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6404" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6405" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6406" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6407" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6408" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6409" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6410" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6411" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6412" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6413" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6414" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6415" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6416" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6418" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-6420" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/chromium" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/buster/chromium" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2020/dsa-4638" ); script_set_attribute( attribute:"solution", value: "Upgrade the chromium packages. For the oldstable distribution (stretch), security support for chromium has been discontinued. For the stable distribution (buster), these problems have been fixed in version 80.0.3987.132-1~deb10u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Google Chrome 80 JSCreate side-effect type confusion exploit'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"10.0", prefix:"chromium", reference:"80.0.3987.132-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"chromium-common", reference:"80.0.3987.132-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"chromium-driver", reference:"80.0.3987.132-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"chromium-l10n", reference:"80.0.3987.132-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"chromium-sandbox", reference:"80.0.3987.132-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"chromium-shell", reference:"80.0.3987.132-1~deb10u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-1_0-0264_SQLITE.NASL description An update of the sqlite package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 132984 published 2020-01-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132984 title Photon OS 1.0: Sqlite PHSA-2020-1.0-0264 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2020-1.0-0264. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(132984); script_version("1.3"); script_cvs_date("Date: 2020/01/18"); script_cve_id( "CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-20218" ); script_name(english:"Photon OS 1.0: Sqlite PHSA-2020-1.0-0264"); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the sqlite package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-264.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-20218"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/05"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"sqlite-autoconf-3.30.1-2.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1132.NASL description According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2020-02-24 plugin id 133933 published 2020-02-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133933 title EulerOS 2.0 SP5 : sqlite (EulerOS-SA-2020-1132) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(133933); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19926", "CVE-2019-20218" ); script_name(english:"EulerOS 2.0 SP5 : sqlite (EulerOS-SA-2020-1132)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1132 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?90078534"); script_set_attribute(attribute:"solution", value: "Update the affected sqlite packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19924"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["sqlite-3.7.17-8.h9.eulerosv2r7", "sqlite-devel-3.7.17-8.h9.eulerosv2r7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4298-1.NASL description It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19880) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923) It was discovered that SQLite incorrectly handled parser tree rewriting. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19924) It was discovered that SQLite incorrectly handled certain ZIP archives. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19925, CVE-2019-19959) It was discovered that SQLite incorrectly handled errors during parsing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-19926) It was discovered that SQLite incorrectly handled parsing errors. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-20218) It was discovered that SQLite incorrectly handled generated column optimizations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-9327). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-03-11 plugin id 134402 published 2020-03-11 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134402 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : sqlite3 vulnerabilities (USN-4298-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4298-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(134402); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13"); script_cve_id("CVE-2019-13734", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-19959", "CVE-2019-20218", "CVE-2020-9327"); script_xref(name:"USN", value:"4298-1"); script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : sqlite3 vulnerabilities (USN-4298-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19880) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923) It was discovered that SQLite incorrectly handled parser tree rewriting. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19924) It was discovered that SQLite incorrectly handled certain ZIP archives. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19925, CVE-2019-19959) It was discovered that SQLite incorrectly handled errors during parsing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-19926) It was discovered that SQLite incorrectly handled parsing errors. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-20218) It was discovered that SQLite incorrectly handled generated column optimizations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-9327). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4298-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libsqlite3-0 and / or sqlite3 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsqlite3-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:sqlite3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/10"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04|18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"libsqlite3-0", pkgver:"3.11.0-1ubuntu1.4")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"sqlite3", pkgver:"3.11.0-1ubuntu1.4")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libsqlite3-0", pkgver:"3.22.0-1ubuntu0.3")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"sqlite3", pkgver:"3.22.0-1ubuntu0.3")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"libsqlite3-0", pkgver:"3.29.0-2ubuntu0.2")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"sqlite3", pkgver:"3.29.0-2ubuntu0.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsqlite3-0 / sqlite3"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1180.NASL description According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded last seen 2020-05-03 modified 2020-02-25 plugin id 134014 published 2020-02-25 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134014 title EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1180) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(134014); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01"); script_cve_id( "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-19959", "CVE-2019-20218", "CVE-2019-9936", "CVE-2019-9937" ); script_name(english:"EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1180)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.(CVE-2019-19959) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1180 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d0306fd0"); script_set_attribute(attribute:"solution", value: "Update the affected sqlite packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9936"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["sqlite-3.24.0-2.h10.eulerosv2r8", "sqlite-devel-3.24.0-2.h10.eulerosv2r8", "sqlite-doc-3.24.0-2.h10.eulerosv2r8", "sqlite-libs-3.24.0-2.h10.eulerosv2r8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1364.NASL description According to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded last seen 2020-04-07 modified 2020-04-02 plugin id 135151 published 2020-04-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135151 title EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(135151); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/06"); script_cve_id( "CVE-2018-20505", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-19959", "CVE-2019-20218", "CVE-2019-9936", "CVE-2019-9937", "CVE-2020-9327" ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.(CVE-2019-19959) - SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).(CVE-2018-20505) - In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.(CVE-2020-9327) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1364 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75596371"); script_set_attribute(attribute:"solution", value: "Update the affected sqlite packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9936"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["sqlite-3.24.0-2.h12.eulerosv2r8", "sqlite-libs-3.24.0-2.h12.eulerosv2r8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1562.NASL description According to the versions of the sqlite package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19924) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.(CVE-2019-20218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2020-05-01 plugin id 136265 published 2020-05-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136265 title EulerOS Virtualization for ARM 64 3.0.2.0 : sqlite (EulerOS-SA-2020-1562) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(136265); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19926", "CVE-2019-20218" ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : sqlite (EulerOS-SA-2020-1562)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the sqlite package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19924) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.(CVE-2019-20218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1562 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ec4a7cb0"); script_set_attribute(attribute:"solution", value: "Update the affected sqlite packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["sqlite-3.7.17-8.h9"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0514.NASL description An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 80.0.3987.87. Security Fix(es) : * chromium-browser: Integer overflow in JavaScript (CVE-2020-6381) * chromium-browser: Type Confusion in JavaScript (CVE-2020-6382) * chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387) * chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389) * chromium-browser: Out of bounds memory access in streams (CVE-2020-6390) * libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197) * sqlite: invalid pointer dereference in exprListAppendList in window.c (CVE-2019-19880) * sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) * sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) * sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926) * chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391) * chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6394) * chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395) * chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396) * chromium-browser: Incorrect security UI in sharing (CVE-2020-6397) * chromium-browser: Uninitialized use in PDFium (CVE-2020-6398) * chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399) * chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401) * chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402) * chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404) * sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405) * chromium-browser: Use after free in audio (CVE-2020-6406) * chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408) * chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409) * chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6411) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6412) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413) * chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414) * chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415) * chromium-browser: Insufficient data validation in streams (CVE-2020-6416) * chromium-browser: Inappropriate implementation in installer (CVE-2020-6417) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-02 modified 2020-02-18 plugin id 133749 published 2020-02-18 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133749 title RHEL 6 : chromium-browser (RHSA-2020:0514) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0514. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(133749); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id("CVE-2019-18197", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19925", "CVE-2019-19926", "CVE-2020-6381", "CVE-2020-6382", "CVE-2020-6385", "CVE-2020-6387", "CVE-2020-6388", "CVE-2020-6389", "CVE-2020-6390", "CVE-2020-6391", "CVE-2020-6392", "CVE-2020-6393", "CVE-2020-6394", "CVE-2020-6395", "CVE-2020-6396", "CVE-2020-6397", "CVE-2020-6398", "CVE-2020-6399", "CVE-2020-6400", "CVE-2020-6401", "CVE-2020-6402", "CVE-2020-6403", "CVE-2020-6404", "CVE-2020-6405", "CVE-2020-6406", "CVE-2020-6408", "CVE-2020-6409", "CVE-2020-6410", "CVE-2020-6411", "CVE-2020-6412", "CVE-2020-6413", "CVE-2020-6414", "CVE-2020-6415", "CVE-2020-6416", "CVE-2020-6417"); script_xref(name:"RHSA", value:"2020:0514"); script_name(english:"RHEL 6 : chromium-browser (RHSA-2020:0514)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 80.0.3987.87. Security Fix(es) : * chromium-browser: Integer overflow in JavaScript (CVE-2020-6381) * chromium-browser: Type Confusion in JavaScript (CVE-2020-6382) * chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387) * chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389) * chromium-browser: Out of bounds memory access in streams (CVE-2020-6390) * libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197) * sqlite: invalid pointer dereference in exprListAppendList in window.c (CVE-2019-19880) * sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) * sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) * sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926) * chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391) * chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6394) * chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395) * chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396) * chromium-browser: Incorrect security UI in sharing (CVE-2020-6397) * chromium-browser: Uninitialized use in PDFium (CVE-2020-6398) * chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399) * chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401) * chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402) * chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404) * sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405) * chromium-browser: Use after free in audio (CVE-2020-6406) * chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408) * chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409) * chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6411) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6412) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413) * chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414) * chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415) * chromium-browser: Insufficient data validation in streams (CVE-2020-6416) * chromium-browser: Inappropriate implementation in installer (CVE-2020-6417) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0514" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-18197" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-19880" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-19923" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-19925" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-19926" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6381" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6382" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6385" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6387" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6388" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6389" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6390" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6391" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6392" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6393" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6394" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6395" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6396" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6397" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6398" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6399" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6400" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6401" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6402" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6403" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6404" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6405" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6406" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6408" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6409" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6410" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6411" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6412" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6413" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6414" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6415" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6416" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2020-6417" ); script_set_attribute( attribute:"solution", value: "Update the affected chromium-browser and / or chromium-browser-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6406"); script_cwe_id(125, 20, 416, 476, 476, 476); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_extras:6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:chromium-browser"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/18"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'chromium-browser-80.0.3987.87-1.el6_10', 'cpu':'i686', 'release':'6', 'allowmaj':TRUE}, {'reference':'chromium-browser-80.0.3987.87-1.el6_10', 'cpu':'x86_64', 'release':'6', 'allowmaj':TRUE} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; allowmaj = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++; } } if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium-browser'); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-189.NASL description This update for chromium fixes the following issues : Chromium was updated to version 80.0.3987.87 (boo#1162833). Security issues fixed : - CVE-2020-6381: Integer overflow in JavaScript (boo#1162833). - CVE-2020-6382: Type Confusion in JavaScript (boo#1162833). - CVE-2019-18197: Multiple vulnerabilities in XML (boo#1162833). - CVE-2019-19926: Inappropriate implementation in SQLite (boo#1162833). - CVE-2020-6385: Insufficient policy enforcement in storage (boo#1162833). - CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite (boo#1162833). - CVE-2020-6387: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6388: Out of bounds memory access in WebAudio (boo#1162833). - CVE-2020-6389: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6390: Out of bounds memory access in streams (boo#1162833). - CVE-2020-6391: Insufficient validation of untrusted input in Blink (boo#1162833). - CVE-2020-6392: Insufficient policy enforcement in extensions (boo#1162833). - CVE-2020-6393: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6394: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6395: Out of bounds read in JavaScript (boo#1162833). - CVE-2020-6396: Inappropriate implementation in Skia (boo#1162833). - CVE-2020-6397: Incorrect security UI in sharing (boo#1162833). - CVE-2020-6398: Uninitialized use in PDFium (boo#1162833). - CVE-2020-6399: Insufficient policy enforcement in AppCache (boo#1162833). - CVE-2020-6400: Inappropriate implementation in CORS (boo#1162833). - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6402: Insufficient policy enforcement in downloads (boo#1162833). - CVE-2020-6403: Incorrect security UI in Omnibox (boo#1162833). - CVE-2020-6404: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6405: Out of bounds read in SQLite (boo#1162833). - CVE-2020-6406: Use after free in audio (boo#1162833). - CVE-2019-19923: Out of bounds memory access in SQLite (boo#1162833). - CVE-2020-6408: Insufficient policy enforcement in CORS (boo#1162833). - CVE-2020-6409: Inappropriate implementation in Omnibox (boo#1162833). - CVE-2020-6410: Insufficient policy enforcement in navigation (boo#1162833). - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6413: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing (boo#1162833). - CVE-2020-6415: Inappropriate implementation in JavaScript (boo#1162833). - CVE-2020-6416: Insufficient data validation in streams (boo#1162833). - CVE-2020-6417: Inappropriate implementation in installer (boo#1162833). last seen 2020-05-31 modified 2020-02-10 plugin id 133593 published 2020-02-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133593 title openSUSE Security Update : chromium (openSUSE-2020-189)
Redhat
advisories |
| ||||
rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
- https://access.redhat.com/errata/RHSA-2020:0514
- https://access.redhat.com/errata/RHSA-2020:0514
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
- https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
- https://security.netapp.com/advisory/ntap-20200114-0001/
- https://security.netapp.com/advisory/ntap-20200114-0001/
- https://usn.ubuntu.com/4298-1/
- https://usn.ubuntu.com/4298-1/
- https://www.debian.org/security/2020/dsa-4638
- https://www.debian.org/security/2020/dsa-4638
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html