Vulnerabilities > CVE-2019-19880 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0200_SQLITE.NASL
    descriptionAn update of the sqlite package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id132989
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132989
    titlePhoton OS 2.0: Sqlite PHSA-2020-2.0-0200
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-2.0-0200. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132989);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/18");
    
      script_cve_id("CVE-2019-19645", "CVE-2019-19880", "CVE-2019-20218");
    
      script_name(english:"Photon OS 2.0: Sqlite PHSA-2020-2.0-0200");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the sqlite package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-200.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-20218");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_exists(rpm:"sqlite-3.30", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"sqlite-3.30.1-1.ph2")) flag++;
    if (rpm_exists(rpm:"sqlite-3.30", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", cpu:"src", reference:"sqlite-3.30.1-1.ph2.src")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"sqlite-debuginfo-3.30.1-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"sqlite-devel-3.30.1-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"sqlite-libs-3.30.1-1.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
    }
    
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4638.NASL
    descriptionSeveral vulnerabilities have been discovered in the chromium web browser. - CVE-2019-19880 Richard Lorenz discovered an issue in the sqlite library. - CVE-2019-19923 Richard Lorenz discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-19925 Richard Lorenz discovered an issue in the sqlite library. - CVE-2019-19926 Richard Lorenz discovered an implementation error in the sqlite library. - CVE-2020-6381 UK
    last seen2020-03-17
    modified2020-03-12
    plugin id134433
    published2020-03-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134433
    titleDebian DSA-4638-1 : chromium - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4638. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134433);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/16");
    
      script_cve_id("CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19925", "CVE-2019-19926", "CVE-2020-6381", "CVE-2020-6382", "CVE-2020-6383", "CVE-2020-6384", "CVE-2020-6385", "CVE-2020-6386", "CVE-2020-6387", "CVE-2020-6388", "CVE-2020-6389", "CVE-2020-6390", "CVE-2020-6391", "CVE-2020-6392", "CVE-2020-6393", "CVE-2020-6394", "CVE-2020-6395", "CVE-2020-6396", "CVE-2020-6397", "CVE-2020-6398", "CVE-2020-6399", "CVE-2020-6400", "CVE-2020-6401", "CVE-2020-6402", "CVE-2020-6403", "CVE-2020-6404", "CVE-2020-6405", "CVE-2020-6406", "CVE-2020-6407", "CVE-2020-6408", "CVE-2020-6409", "CVE-2020-6410", "CVE-2020-6411", "CVE-2020-6412", "CVE-2020-6413", "CVE-2020-6414", "CVE-2020-6415", "CVE-2020-6416", "CVE-2020-6418", "CVE-2020-6420");
      script_xref(name:"DSA", value:"4638");
    
      script_name(english:"Debian DSA-4638-1 : chromium - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the chromium web
    browser.
    
      - CVE-2019-19880
        Richard Lorenz discovered an issue in the sqlite
        library.
    
      - CVE-2019-19923
        Richard Lorenz discovered an out-of-bounds read issue in
        the sqlite library.
    
      - CVE-2019-19925
        Richard Lorenz discovered an issue in the sqlite
        library.
    
      - CVE-2019-19926
        Richard Lorenz discovered an implementation error in the
        sqlite library.
    
      - CVE-2020-6381
        UK's National Cyber Security Centre discovered an
        integer overflow issue in the v8 JavaScript library.
    
      - CVE-2020-6382
        Soyeon Park and Wen Xu discovered a type error in the v8
        JavaScript library.
    
      - CVE-2020-6383
        Sergei Glazunov discovered a type error in the v8
        JavaScript library.
    
      - CVE-2020-6384
        David Manoucheri discovered a use-after-free issue in
        WebAudio.
    
      - CVE-2020-6385
        Sergei Glazunov discovered a policy enforcement error.
    
      - CVE-2020-6386
        Zhe Jin discovered a use-after-free issue in speech
        processing.
    
      - CVE-2020-6387
        Natalie Silvanovich discovered an out-of-bounds write
        error in the WebRTC implementation.
    
      - CVE-2020-6388
        Sergei Glazunov discovered an out-of-bounds read error
        in the WebRTC implementation.
    
      - CVE-2020-6389
        Natalie Silvanovich discovered an out-of-bounds write
        error in the WebRTC implementation.
    
      - CVE-2020-6390
        Sergei Glazunov discovered an out-of-bounds read error.
    
      - CVE-2020-6391
        Michal Bentkowski discoverd that untrusted input was
        insufficiently validated.
    
      - CVE-2020-6392
        The Microsoft Edge Team discovered a policy enforcement
        error.
    
      - CVE-2020-6393
        Mark Amery discovered a policy enforcement error.
    
      - CVE-2020-6394
        Phil Freo discovered a policy enforcement error.
    
      - CVE-2020-6395
        Pierre Langlois discovered an out-of-bounds read error
        in the v8 JavaScript library.
    
      - CVE-2020-6396
        William Luc Ritchie discovered an error in the skia
        library.
    
      - CVE-2020-6397
        Khalil Zhani discovered a user interface error.
    
      - CVE-2020-6398
        pdknsk discovered an uninitialized variable in the
        pdfium library.
    
      - CVE-2020-6399
        Luan Herrera discovered a policy enforcement error.
    
      - CVE-2020-6400
        Takashi Yoneuchi discovered an error in Cross-Origin
        Resource Sharing.
    
      - CVE-2020-6401
        Tzachy Horesh discovered that user input was
        insufficiently validated.
    
      - CVE-2020-6402
        Vladimir Metnew discovered a policy enforcement error.
    
      - CVE-2020-6403
        Khalil Zhani discovered a user interface error.
    
      - CVE-2020-6404
        kanchi discovered an error in Blink/Webkit.
    
      - CVE-2020-6405
        Yongheng Chen and Rui Zhong discovered an out-of-bounds
        read issue in the sqlite library.
    
      - CVE-2020-6406
        Sergei Glazunov discovered a use-after-free issue.
    
      - CVE-2020-6407
        Sergei Glazunov discovered an out-of-bounds read error.
    
      - CVE-2020-6408
        Zhong Zhaochen discovered a policy enforcement error in
        Cross-Origin Resource Sharing.
    
      - CVE-2020-6409
        Divagar S and Bharathi V discovered an error in the
        omnibox implementation.
    
      - CVE-2020-6410
        evil1m0 discovered a policy enforcement error.
    
      - CVE-2020-6411
        Khalil Zhani discovered that user input was
        insufficiently validated.
    
      - CVE-2020-6412
        Zihan Zheng discovered that user input was
        insufficiently validated.
    
      - CVE-2020-6413
        Michal Bentkowski discovered an error in Blink/Webkit.
    
      - CVE-2020-6414
        Lijo A.T discovered a policy safe browsing policy
        enforcement error.
    
      - CVE-2020-6415
        Avihay Cohen discovered an implementation error in the
        v8 JavaScript library.
    
      - CVE-2020-6416
        Woojin Oh discovered that untrusted input was
        insufficiently validated.
    
      - CVE-2020-6418
        Clement Lecigne discovered a type error in the v8
        JavaScript library.
    
      - CVE-2020-6420
        Taras Uzdenov discovered a policy enforcement error."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-19880"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-19923"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-19925"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-19926"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6381"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6383"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6384"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6385"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6386"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6390"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6392"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6393"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6394"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6395"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6397"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6398"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6399"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6400"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6401"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6406"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6408"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6409"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6411"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6413"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6414"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6416"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6418"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-6420"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/chromium"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/buster/chromium"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2020/dsa-4638"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the chromium packages.
    
    For the oldstable distribution (stretch), security support for
    chromium has been discontinued.
    
    For the stable distribution (buster), these problems have been fixed
    in version 80.0.3987.132-1~deb10u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Google Chrome 80 JSCreate side-effect type confusion exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"10.0", prefix:"chromium", reference:"80.0.3987.132-1~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"chromium-common", reference:"80.0.3987.132-1~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"chromium-driver", reference:"80.0.3987.132-1~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"chromium-l10n", reference:"80.0.3987.132-1~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"chromium-sandbox", reference:"80.0.3987.132-1~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"chromium-shell", reference:"80.0.3987.132-1~deb10u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0264_SQLITE.NASL
    descriptionAn update of the sqlite package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id132984
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132984
    titlePhoton OS 1.0: Sqlite PHSA-2020-1.0-0264
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-1.0-0264. The text
    # itself is copyright (C) VMware, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132984);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/18");
    
      script_cve_id(
        "CVE-2019-19317",
        "CVE-2019-19603",
        "CVE-2019-19645",
        "CVE-2019-19646",
        "CVE-2019-19880",
        "CVE-2019-20218"
      );
    
      script_name(english:"Photon OS 1.0: Sqlite PHSA-2020-1.0-0264");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the sqlite package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-264.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-20218");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"sqlite-autoconf-3.30.1-2.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
    }
    
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1132.NASL
    descriptionAccording to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2020-02-24
    plugin id133933
    published2020-02-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133933
    titleEulerOS 2.0 SP5 : sqlite (EulerOS-SA-2020-1132)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133933);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2019-19923",
        "CVE-2019-19924",
        "CVE-2019-19926",
        "CVE-2019-20218"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : sqlite (EulerOS-SA-2020-1132)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the sqlite packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - flattenSubquery in select.c in SQLite 3.30.1 mishandles
        certain uses of SELECT DISTINCT involving a LEFT JOIN
        in which the right-hand side is a view. This can cause
        a NULL pointer dereference (or incorrect
        results).(CVE-2019-19923)
    
      - multiSelect in select.c in SQLite 3.30.1 mishandles
        certain errors during parsing, as demonstrated by
        errors from sqlite3WindowRewrite() calls. NOTE: this
        vulnerability exists because of an incomplete fix for
        CVE-2019-19880.(CVE-2019-19926)
    
      - selectExpander in select.c in SQLite 3.30.1 proceeds
        with WITH stack unwinding even after a parsing
        error.(CVE-2019-20218)
    
      - SQLite 3.30.1 mishandles certain parser-tree rewriting,
        related to expr.c, vdbeaux.c, and window.c. This is
        caused by incorrect sqlite3WindowRewrite() error
        handling.(CVE-2019-19924)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1132
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?90078534");
      script_set_attribute(attribute:"solution", value:
    "Update the affected sqlite packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19924");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["sqlite-3.7.17-8.h9.eulerosv2r7",
            "sqlite-devel-3.7.17-8.h9.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4298-1.NASL
    descriptionIt was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19880) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923) It was discovered that SQLite incorrectly handled parser tree rewriting. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19924) It was discovered that SQLite incorrectly handled certain ZIP archives. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19925, CVE-2019-19959) It was discovered that SQLite incorrectly handled errors during parsing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-19926) It was discovered that SQLite incorrectly handled parsing errors. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-20218) It was discovered that SQLite incorrectly handled generated column optimizations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-9327). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-03-11
    plugin id134402
    published2020-03-11
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134402
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 : sqlite3 vulnerabilities (USN-4298-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4298-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134402);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13");
    
      script_cve_id("CVE-2019-13734", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-19959", "CVE-2019-20218", "CVE-2020-9327");
      script_xref(name:"USN", value:"4298-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : sqlite3 vulnerabilities (USN-4298-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that SQLite incorrectly handled certain shadow
    tables. An attacker could use this issue to cause SQLite to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753)
    
    It was discovered that SQLite incorrectly handled certain corrupt
    records. An attacker could use this issue to cause SQLite to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    (CVE-2019-13751)
    
    It was discovered that SQLite incorrectly handled certain queries. An
    attacker could use this issue to cause SQLite to crash, resulting in a
    denial of service, or possibly execute arbitrary code. This issue only
    affected Ubuntu 19.10. (CVE-2019-19880)
    
    It was discovered that SQLite incorrectly handled certain queries. An
    attacker could use this issue to cause SQLite to crash, resulting in a
    denial of service, or possibly execute arbitrary code. This issue only
    affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923)
    
    It was discovered that SQLite incorrectly handled parser tree
    rewriting. An attacker could use this issue to cause SQLite to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    This issue only affected Ubuntu 19.10. (CVE-2019-19924)
    
    It was discovered that SQLite incorrectly handled certain ZIP
    archives. An attacker could use this issue to cause SQLite to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10.
    (CVE-2019-19925, CVE-2019-19959)
    
    It was discovered that SQLite incorrectly handled errors during
    parsing. An attacker could use this issue to cause SQLite to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    (CVE-2019-19926)
    
    It was discovered that SQLite incorrectly handled parsing errors. An
    attacker could use this issue to cause SQLite to crash, resulting in a
    denial of service, or possibly execute arbitrary code.
    (CVE-2019-20218)
    
    It was discovered that SQLite incorrectly handled generated column
    optimizations. An attacker could use this issue to cause SQLite to
    crash, resulting in a denial of service, or possibly execute arbitrary
    code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10.
    (CVE-2020-9327).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4298-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libsqlite3-0 and / or sqlite3 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsqlite3-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:sqlite3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"libsqlite3-0", pkgver:"3.11.0-1ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"sqlite3", pkgver:"3.11.0-1ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libsqlite3-0", pkgver:"3.22.0-1ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"sqlite3", pkgver:"3.22.0-1ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"libsqlite3-0", pkgver:"3.29.0-2ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"sqlite3", pkgver:"3.29.0-2ubuntu0.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsqlite3-0 / sqlite3");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1180.NASL
    descriptionAccording to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded
    last seen2020-05-03
    modified2020-02-25
    plugin id134014
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134014
    titleEulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1180)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134014);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2019-19923",
        "CVE-2019-19924",
        "CVE-2019-19925",
        "CVE-2019-19926",
        "CVE-2019-19959",
        "CVE-2019-20218",
        "CVE-2019-9936",
        "CVE-2019-9937"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1180)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the sqlite packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - multiSelect in select.c in SQLite 3.30.1 mishandles
        certain errors during parsing, as demonstrated by
        errors from sqlite3WindowRewrite() calls. NOTE: this
        vulnerability exists because of an incomplete fix for
        CVE-2019-19880.(CVE-2019-19926)
    
      - flattenSubquery in select.c in SQLite 3.30.1 mishandles
        certain uses of SELECT DISTINCT involving a LEFT JOIN
        in which the right-hand side is a view. This can cause
        a NULL pointer dereference (or incorrect
        results).(CVE-2019-19923)
    
      - SQLite 3.30.1 mishandles certain parser-tree rewriting,
        related to expr.c, vdbeaux.c, and window.c. This is
        caused by incorrect sqlite3WindowRewrite() error
        handling.(CVE-2019-19924)
    
      - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1
        mishandles a NULL pathname during an update of a ZIP
        archive.(CVE-2019-19925)
    
      - In SQLite 3.27.2, running fts5 prefix queries inside a
        transaction could trigger a heap-based buffer over-read
        in fts5HashEntrySort in sqlite3.c, which may lead to an
        information leak. This is related to
        ext/fts5/fts5_hash.c.(CVE-2019-9936)
    
      - In SQLite 3.27.2, interleaving reads and writes in a
        single transaction with an fts5 virtual table will lead
        to a NULL Pointer Dereference in fts5ChunkIterate in
        sqlite3.c. This is related to ext/fts5/fts5_hash.c and
        ext/fts5/fts5_index.c.(CVE-2019-9937)
    
      - selectExpander in select.c in SQLite 3.30.1 proceeds
        with WITH stack unwinding even after a parsing
        error.(CVE-2019-20218)
    
      - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain
        uses of INSERT INTO in situations involving embedded
        '\0' characters in filenames, leading to a
        memory-management error that can be detected by (for
        example) valgrind.(CVE-2019-19959)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1180
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d0306fd0");
      script_set_attribute(attribute:"solution", value:
    "Update the affected sqlite packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9936");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["sqlite-3.24.0-2.h10.eulerosv2r8",
            "sqlite-devel-3.24.0-2.h10.eulerosv2r8",
            "sqlite-doc-3.24.0-2.h10.eulerosv2r8",
            "sqlite-libs-3.24.0-2.h10.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1364.NASL
    descriptionAccording to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded
    last seen2020-04-07
    modified2020-04-02
    plugin id135151
    published2020-04-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135151
    titleEulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135151);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/06");
    
      script_cve_id(
        "CVE-2018-20505",
        "CVE-2019-19923",
        "CVE-2019-19924",
        "CVE-2019-19925",
        "CVE-2019-19926",
        "CVE-2019-19959",
        "CVE-2019-20218",
        "CVE-2019-9936",
        "CVE-2019-9937",
        "CVE-2020-9327"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the sqlite packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - In SQLite 3.27.2, interleaving reads and writes in a
        single transaction with an fts5 virtual table will lead
        to a NULL Pointer Dereference in fts5ChunkIterate in
        sqlite3.c. This is related to ext/fts5/fts5_hash.c and
        ext/fts5/fts5_index.c.(CVE-2019-9937)
    
      - In SQLite 3.27.2, running fts5 prefix queries inside a
        transaction could trigger a heap-based buffer over-read
        in fts5HashEntrySort in sqlite3.c, which may lead to an
        information leak. This is related to
        ext/fts5/fts5_hash.c.(CVE-2019-9936)
    
      - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1
        mishandles a NULL pathname during an update of a ZIP
        archive.(CVE-2019-19925)
    
      - SQLite 3.30.1 mishandles certain parser-tree rewriting,
        related to expr.c, vdbeaux.c, and window.c. This is
        caused by incorrect sqlite3WindowRewrite() error
        handling.(CVE-2019-19924)
    
      - flattenSubquery in select.c in SQLite 3.30.1 mishandles
        certain uses of SELECT DISTINCT involving a LEFT JOIN
        in which the right-hand side is a view. This can cause
        a NULL pointer dereference (or incorrect
        results).(CVE-2019-19923)
    
      - multiSelect in select.c in SQLite 3.30.1 mishandles
        certain errors during parsing, as demonstrated by
        errors from sqlite3WindowRewrite() calls. NOTE: this
        vulnerability exists because of an incomplete fix for
        CVE-2019-19880.(CVE-2019-19926)
    
      - selectExpander in select.c in SQLite 3.30.1 proceeds
        with WITH stack unwinding even after a parsing
        error.(CVE-2019-20218)
    
      - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain
        uses of INSERT INTO in situations involving embedded
        '\0' characters in filenames, leading to a
        memory-management error that can be detected by (for
        example) valgrind.(CVE-2019-19959)
    
      - SQLite 3.25.2, when queries are run on a table with a
        malformed PRIMARY KEY, allows remote attackers to cause
        a denial of service (application crash) by leveraging
        the ability to run arbitrary SQL statements (such as in
        certain WebSQL use cases).(CVE-2018-20505)
    
      - In SQLite 3.31.1, isAuxiliaryVtabOperator allows
        attackers to trigger a NULL pointer dereference and
        segmentation fault because of generated column
        optimizations.(CVE-2020-9327)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1364
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75596371");
      script_set_attribute(attribute:"solution", value:
    "Update the affected sqlite packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9936");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["sqlite-3.24.0-2.h12.eulerosv2r8",
            "sqlite-libs-3.24.0-2.h12.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1562.NASL
    descriptionAccording to the versions of the sqlite package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19924) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.(CVE-2019-20218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2020-05-01
    plugin id136265
    published2020-05-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136265
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : sqlite (EulerOS-SA-2020-1562)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136265);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2019-19923",
        "CVE-2019-19924",
        "CVE-2019-19926",
        "CVE-2019-20218"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : sqlite (EulerOS-SA-2020-1562)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the sqlite package installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - multiSelect in select.c in SQLite 3.30.1 mishandles
        certain errors during parsing, as demonstrated by
        errors from sqlite3WindowRewrite() calls. NOTE: this
        vulnerability exists because of an incomplete fix for
        CVE-2019-19880.(CVE-2019-19924)
    
      - SQLite 3.30.1 mishandles certain parser-tree rewriting,
        related to expr.c, vdbeaux.c, and window.c. This is
        caused by incorrect sqlite3WindowRewrite() error
        handling.(CVE-2019-19923)
    
      - multiSelect in select.c in SQLite 3.30.1 mishandles
        certain errors during parsing, as demonstrated by
        errors from sqlite3WindowRewrite() calls. NOTE: this
        vulnerability exists because of an incomplete fix for
        CVE-2019-19880.(CVE-2019-19926)
    
      - The XSLoader::load method in XSLoader in Perl does not
        properly locate .so files when called in a string eval,
        which might allow local users to execute arbitrary code
        via a Trojan horse library under the current working
        directory.(CVE-2019-20218)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1562
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ec4a7cb0");
      script_set_attribute(attribute:"solution", value:
    "Update the affected sqlite packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["sqlite-3.7.17-8.h9"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0514.NASL
    descriptionAn update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 80.0.3987.87. Security Fix(es) : * chromium-browser: Integer overflow in JavaScript (CVE-2020-6381) * chromium-browser: Type Confusion in JavaScript (CVE-2020-6382) * chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387) * chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389) * chromium-browser: Out of bounds memory access in streams (CVE-2020-6390) * libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197) * sqlite: invalid pointer dereference in exprListAppendList in window.c (CVE-2019-19880) * sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) * sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) * sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926) * chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391) * chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6394) * chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395) * chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396) * chromium-browser: Incorrect security UI in sharing (CVE-2020-6397) * chromium-browser: Uninitialized use in PDFium (CVE-2020-6398) * chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399) * chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401) * chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402) * chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404) * sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405) * chromium-browser: Use after free in audio (CVE-2020-6406) * chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408) * chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409) * chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6411) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6412) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413) * chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414) * chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415) * chromium-browser: Insufficient data validation in streams (CVE-2020-6416) * chromium-browser: Inappropriate implementation in installer (CVE-2020-6417) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-02
    modified2020-02-18
    plugin id133749
    published2020-02-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133749
    titleRHEL 6 : chromium-browser (RHSA-2020:0514)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:0514. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133749);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");
    
      script_cve_id("CVE-2019-18197", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19925", "CVE-2019-19926", "CVE-2020-6381", "CVE-2020-6382", "CVE-2020-6385", "CVE-2020-6387", "CVE-2020-6388", "CVE-2020-6389", "CVE-2020-6390", "CVE-2020-6391", "CVE-2020-6392", "CVE-2020-6393", "CVE-2020-6394", "CVE-2020-6395", "CVE-2020-6396", "CVE-2020-6397", "CVE-2020-6398", "CVE-2020-6399", "CVE-2020-6400", "CVE-2020-6401", "CVE-2020-6402", "CVE-2020-6403", "CVE-2020-6404", "CVE-2020-6405", "CVE-2020-6406", "CVE-2020-6408", "CVE-2020-6409", "CVE-2020-6410", "CVE-2020-6411", "CVE-2020-6412", "CVE-2020-6413", "CVE-2020-6414", "CVE-2020-6415", "CVE-2020-6416", "CVE-2020-6417");
      script_xref(name:"RHSA", value:"2020:0514");
    
      script_name(english:"RHEL 6 : chromium-browser (RHSA-2020:0514)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for chromium-browser is now available for Red Hat Enterprise
    Linux 6 Supplementary.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Chromium is an open source web browser, powered by WebKit (Blink).
    
    This update upgrades Chromium to version 80.0.3987.87.
    
    Security Fix(es) :
    
    * chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)
    
    * chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)
    
    * chromium-browser: Insufficient policy enforcement in storage
    (CVE-2020-6385)
    
    * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387)
    
    * chromium-browser: Out of bounds memory access in WebAudio
    (CVE-2020-6388)
    
    * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389)
    
    * chromium-browser: Out of bounds memory access in streams
    (CVE-2020-6390)
    
    * libxslt: use after free in xsltCopyText in transform.c could lead to
    information disclosure (CVE-2019-18197)
    
    * sqlite: invalid pointer dereference in exprListAppendList in
    window.c (CVE-2019-19880)
    
    * sqlite: mishandling of certain uses of SELECT DISTINCT involving a
    LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer
    dereference (CVE-2019-19923)
    
    * sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL
    pathname during an update of a ZIP archive (CVE-2019-19925)
    
    * sqlite: error mishandling because of incomplete fix of
    CVE-2019-19880 (CVE-2019-19926)
    
    * chromium-browser: Insufficient validation of untrusted input in
    Blink (CVE-2020-6391)
    
    * chromium-browser: Insufficient policy enforcement in extensions
    (CVE-2020-6392)
    
    * chromium-browser: Insufficient policy enforcement in Blink
    (CVE-2020-6393)
    
    * chromium-browser: Insufficient policy enforcement in Blink
    (CVE-2020-6394)
    
    * chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)
    
    * chromium-browser: Inappropriate implementation in Skia
    (CVE-2020-6396)
    
    * chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)
    
    * chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)
    
    * chromium-browser: Insufficient policy enforcement in AppCache
    (CVE-2020-6399)
    
    * chromium-browser: Inappropriate implementation in CORS
    (CVE-2020-6400)
    
    * chromium-browser: Insufficient validation of untrusted input in
    Omnibox (CVE-2020-6401)
    
    * chromium-browser: Insufficient policy enforcement in downloads
    (CVE-2020-6402)
    
    * chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)
    
    * chromium-browser: Inappropriate implementation in Blink
    (CVE-2020-6404)
    
    * sqlite: Out-of-bounds read in SELECT with ON/USING clause
    (CVE-2020-6405)
    
    * chromium-browser: Use after free in audio (CVE-2020-6406)
    
    * chromium-browser: Insufficient policy enforcement in CORS
    (CVE-2020-6408)
    
    * chromium-browser: Inappropriate implementation in Omnibox
    (CVE-2020-6409)
    
    * chromium-browser: Insufficient policy enforcement in navigation
    (CVE-2020-6410)
    
    * chromium-browser: Insufficient validation of untrusted input in
    Omnibox (CVE-2020-6411)
    
    * chromium-browser: Insufficient validation of untrusted input in
    Omnibox (CVE-2020-6412)
    
    * chromium-browser: Inappropriate implementation in Blink
    (CVE-2020-6413)
    
    * chromium-browser: Insufficient policy enforcement in Safe Browsing
    (CVE-2020-6414)
    
    * chromium-browser: Inappropriate implementation in JavaScript
    (CVE-2020-6415)
    
    * chromium-browser: Insufficient data validation in streams
    (CVE-2020-6416)
    
    * chromium-browser: Inappropriate implementation in installer
    (CVE-2020-6417)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-18197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-19880"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-19923"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-19925"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-19926"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6381"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6385"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6390"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6392"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6393"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6394"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6395"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6397"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6398"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6399"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6400"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6401"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6406"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6408"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6409"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6411"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6413"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6414"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6416"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2020-6417"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Update the affected chromium-browser and / or
    chromium-browser-debuginfo packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6406");
      script_cwe_id(125, 20, 416, 476, 476, 476);
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_extras:6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:chromium-browser");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'chromium-browser-80.0.3987.87-1.el6_10', 'cpu':'i686', 'release':'6', 'allowmaj':TRUE},
        {'reference':'chromium-browser-80.0.3987.87-1.el6_10', 'cpu':'x86_64', 'release':'6', 'allowmaj':TRUE}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      allowmaj = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium-browser');
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-189.NASL
    descriptionThis update for chromium fixes the following issues : Chromium was updated to version 80.0.3987.87 (boo#1162833). Security issues fixed : - CVE-2020-6381: Integer overflow in JavaScript (boo#1162833). - CVE-2020-6382: Type Confusion in JavaScript (boo#1162833). - CVE-2019-18197: Multiple vulnerabilities in XML (boo#1162833). - CVE-2019-19926: Inappropriate implementation in SQLite (boo#1162833). - CVE-2020-6385: Insufficient policy enforcement in storage (boo#1162833). - CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite (boo#1162833). - CVE-2020-6387: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6388: Out of bounds memory access in WebAudio (boo#1162833). - CVE-2020-6389: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6390: Out of bounds memory access in streams (boo#1162833). - CVE-2020-6391: Insufficient validation of untrusted input in Blink (boo#1162833). - CVE-2020-6392: Insufficient policy enforcement in extensions (boo#1162833). - CVE-2020-6393: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6394: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6395: Out of bounds read in JavaScript (boo#1162833). - CVE-2020-6396: Inappropriate implementation in Skia (boo#1162833). - CVE-2020-6397: Incorrect security UI in sharing (boo#1162833). - CVE-2020-6398: Uninitialized use in PDFium (boo#1162833). - CVE-2020-6399: Insufficient policy enforcement in AppCache (boo#1162833). - CVE-2020-6400: Inappropriate implementation in CORS (boo#1162833). - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6402: Insufficient policy enforcement in downloads (boo#1162833). - CVE-2020-6403: Incorrect security UI in Omnibox (boo#1162833). - CVE-2020-6404: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6405: Out of bounds read in SQLite (boo#1162833). - CVE-2020-6406: Use after free in audio (boo#1162833). - CVE-2019-19923: Out of bounds memory access in SQLite (boo#1162833). - CVE-2020-6408: Insufficient policy enforcement in CORS (boo#1162833). - CVE-2020-6409: Inappropriate implementation in Omnibox (boo#1162833). - CVE-2020-6410: Insufficient policy enforcement in navigation (boo#1162833). - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6413: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing (boo#1162833). - CVE-2020-6415: Inappropriate implementation in JavaScript (boo#1162833). - CVE-2020-6416: Insufficient data validation in streams (boo#1162833). - CVE-2020-6417: Inappropriate implementation in installer (boo#1162833).
    last seen2020-05-31
    modified2020-02-10
    plugin id133593
    published2020-02-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133593
    titleopenSUSE Security Update : chromium (openSUSE-2020-189)

Redhat

advisories
rhsa
idRHSA-2020:0514
rpms
  • chromium-browser-0:80.0.3987.87-1.el6_10
  • chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10