Vulnerabilities > CVE-2019-19925 - Unrestricted Upload of File with Dangerous Type vulnerability in multiple products

Part	Description	Count
Application	Sqlite Sqlite Sqlite 3.30.1	1
Application	Siemens Siemens Sinec Infrastructure Network Services *	1
Application	Oracle Oracle Mysql Workbench - Oracle Mysql Workbench 5.2.47 Oracle Mysql Workbench 6.0.9 Oracle Mysql Workbench 6.1.7 Oracle Mysql Workbench 6.2.5 Oracle Mysql Workbench 6.3.8 Oracle Mysql Workbench 6.3.10 Oracle Mysql Workbench 8.0.12 Oracle Mysql Workbench 8.0.13 Oracle Mysql Workbench 8.0.14 Oracle Mysql Workbench 8.0.15 Oracle Mysql Workbench 8.0.16 Oracle Mysql Workbench 8.0.17 Oracle Mysql Workbench 8.0.18 Oracle Mysql Workbench 8.0.19	15
Application	Suse Suse Package HUB -	1
Application	Opensuse Opensuse Backports SLE 15.0	1
Application	Netapp Netapp Cloud Backup -	1
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0	2
OS	Redhat Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Workstation 6.0	3
OS	Suse Suse Linux Enterprise 12.0	1
OS	Opensuse Opensuse Leap 15.1	1

Common Weakness Enumeration (CWE)

CWE-434 - Unrestricted Upload of File with Dangerous Type

Common Attack Pattern Enumeration and Classification (CAPEC)

Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by the authorization framework, whose job it is to map ACLs to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application or can run queries for data that he is otherwise not supposed to.
Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users. An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts. This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-1810.NASL
description	The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1810 advisory. - sqlite: fts3: improve shadow table corruption detection (CVE-2019-13752) - sqlite: fts3: incorrectly removed corruption check (CVE-2019-13753) - sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) - sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting (CVE-2019-19924) - sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) - sqlite: mishandles certain uses of INSERT INTO in situations involving embedded
last seen	2020-04-30
modified	2020-04-28
plugin id	136056
published	2020-04-28
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136056
title	RHEL 8 : sqlite (RHSA-2020:1810)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1810. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136056); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/29"); script_cve_id( "CVE-2019-8457", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19959" ); script_xref(name:"RHSA", value:"2020:1810"); script_name(english:"RHEL 8 : sqlite (RHSA-2020:1810)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1810 advisory. - sqlite: fts3: improve shadow table corruption detection (CVE-2019-13752) - sqlite: fts3: incorrectly removed corruption check (CVE-2019-13753) - sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) - sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting (CVE-2019-19924) - sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) - sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames (CVE-2019-19959) - sqlite: heap out-of-bound read in function rtreenode() (CVE-2019-8457) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/476.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/391.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/626.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1810"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-13752"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-13753"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19923"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19924"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19925"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19959"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-8457"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1716881"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1781999"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1782000"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788842"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788846"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788866"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1789595"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8457"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(20, 125, 391, 476, 626); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/28"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8::baseos"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:lemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-libs"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'lemon-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'lemon-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'lemon-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'sqlite-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'sqlite-3.26.0-6.el8', 'cpu':'i686', 'release':'8'}, {'reference':'sqlite-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'sqlite-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'i686', 'release':'8'}, {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'i686', 'release':'8'}, {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'sqlite-doc-3.26.0-6.el8', 'release':'8'}, {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'i686', 'release':'8'}, {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lemon / sqlite / sqlite-debugsource / etc'); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-2_0-0204_SQLITE.NASL
description	An update of the sqlite package has been released.
last seen	2020-03-17
modified	2020-02-06
plugin id	133500
published	2020-02-06
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133500
title	Photon OS 2.0: Sqlite PHSA-2020-2.0-0204

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4638.NASL
description	Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-19880 Richard Lorenz discovered an issue in the sqlite library. - CVE-2019-19923 Richard Lorenz discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-19925 Richard Lorenz discovered an issue in the sqlite library. - CVE-2019-19926 Richard Lorenz discovered an implementation error in the sqlite library. - CVE-2020-6381 UK
last seen	2020-03-17
modified	2020-03-12
plugin id	134433
published	2020-03-12
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134433
title	Debian DSA-4638-1 : chromium - security update

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4298-1.NASL
description	It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19880) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923) It was discovered that SQLite incorrectly handled parser tree rewriting. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19924) It was discovered that SQLite incorrectly handled certain ZIP archives. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19925, CVE-2019-19959) It was discovered that SQLite incorrectly handled errors during parsing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-19926) It was discovered that SQLite incorrectly handled parsing errors. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-20218) It was discovered that SQLite incorrectly handled generated column optimizations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-9327). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2020-03-11
plugin id	134402
published	2020-03-11
reporter	Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134402
title	Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : sqlite3 vulnerabilities (USN-4298-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1180.NASL
description	According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded
last seen	2020-05-03
modified	2020-02-25
plugin id	134014
published	2020-02-25
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134014
title	EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1180)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1364.NASL
description	According to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.(CVE-2019-9937) - In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.(CVE-2019-9936) - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.(CVE-2019-19925) - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924) - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).(CVE-2019-19923) - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.(CVE-2019-19926) - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218) - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded
last seen	2020-04-07
modified	2020-04-02
plugin id	135151
published	2020-04-02
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135151
title	EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-1_0-0270_SQLITE.NASL
description	An update of the sqlite package has been released.
last seen	2020-03-17
modified	2020-02-06
plugin id	133503
published	2020-02-06
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133503
title	Photon OS 1.0: Sqlite PHSA-2020-1.0-0270

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-0514.NASL
description	An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 80.0.3987.87. Security Fix(es) : * chromium-browser: Integer overflow in JavaScript (CVE-2020-6381) * chromium-browser: Type Confusion in JavaScript (CVE-2020-6382) * chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387) * chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388) * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389) * chromium-browser: Out of bounds memory access in streams (CVE-2020-6390) * libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197) * sqlite: invalid pointer dereference in exprListAppendList in window.c (CVE-2019-19880) * sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) * sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) * sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926) * chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391) * chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6394) * chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395) * chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396) * chromium-browser: Incorrect security UI in sharing (CVE-2020-6397) * chromium-browser: Uninitialized use in PDFium (CVE-2020-6398) * chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399) * chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401) * chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402) * chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404) * sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405) * chromium-browser: Use after free in audio (CVE-2020-6406) * chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408) * chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409) * chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6411) * chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6412) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413) * chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414) * chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415) * chromium-browser: Insufficient data validation in streams (CVE-2020-6416) * chromium-browser: Inappropriate implementation in installer (CVE-2020-6417) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-02
modified	2020-02-18
plugin id	133749
published	2020-02-18
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133749
title	RHEL 6 : chromium-browser (RHSA-2020:0514)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2020-189.NASL
description	This update for chromium fixes the following issues : Chromium was updated to version 80.0.3987.87 (boo#1162833). Security issues fixed : - CVE-2020-6381: Integer overflow in JavaScript (boo#1162833). - CVE-2020-6382: Type Confusion in JavaScript (boo#1162833). - CVE-2019-18197: Multiple vulnerabilities in XML (boo#1162833). - CVE-2019-19926: Inappropriate implementation in SQLite (boo#1162833). - CVE-2020-6385: Insufficient policy enforcement in storage (boo#1162833). - CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite (boo#1162833). - CVE-2020-6387: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6388: Out of bounds memory access in WebAudio (boo#1162833). - CVE-2020-6389: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6390: Out of bounds memory access in streams (boo#1162833). - CVE-2020-6391: Insufficient validation of untrusted input in Blink (boo#1162833). - CVE-2020-6392: Insufficient policy enforcement in extensions (boo#1162833). - CVE-2020-6393: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6394: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6395: Out of bounds read in JavaScript (boo#1162833). - CVE-2020-6396: Inappropriate implementation in Skia (boo#1162833). - CVE-2020-6397: Incorrect security UI in sharing (boo#1162833). - CVE-2020-6398: Uninitialized use in PDFium (boo#1162833). - CVE-2020-6399: Insufficient policy enforcement in AppCache (boo#1162833). - CVE-2020-6400: Inappropriate implementation in CORS (boo#1162833). - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6402: Insufficient policy enforcement in downloads (boo#1162833). - CVE-2020-6403: Incorrect security UI in Omnibox (boo#1162833). - CVE-2020-6404: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6405: Out of bounds read in SQLite (boo#1162833). - CVE-2020-6406: Use after free in audio (boo#1162833). - CVE-2019-19923: Out of bounds memory access in SQLite (boo#1162833). - CVE-2020-6408: Insufficient policy enforcement in CORS (boo#1162833). - CVE-2020-6409: Inappropriate implementation in Omnibox (boo#1162833). - CVE-2020-6410: Insufficient policy enforcement in navigation (boo#1162833). - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6413: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing (boo#1162833). - CVE-2020-6415: Inappropriate implementation in JavaScript (boo#1162833). - CVE-2020-6416: Insufficient data validation in streams (boo#1162833). - CVE-2020-6417: Inappropriate implementation in installer (boo#1162833).
last seen	2020-05-31
modified	2020-02-10
plugin id	133593
published	2020-02-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133593
title	openSUSE Security Update : chromium (openSUSE-2020-189)

Redhat

advisories

rhsa

id	RHSA-2020:0514

rpms

chromium-browser-0:80.0.3987.87-1.el6_10
chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10
lemon-0:3.26.0-6.el8
lemon-debuginfo-0:3.26.0-6.el8
sqlite-0:3.26.0-6.el8
sqlite-analyzer-debuginfo-0:3.26.0-6.el8
sqlite-debuginfo-0:3.26.0-6.el8
sqlite-debugsource-0:3.26.0-6.el8
sqlite-devel-0:3.26.0-6.el8
sqlite-doc-0:3.26.0-6.el8
sqlite-libs-0:3.26.0-6.el8
sqlite-libs-debuginfo-0:3.26.0-6.el8
sqlite-tcl-debuginfo-0:3.26.0-6.el8

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References