TITLE:
StoreBot 2002 Standard Edition "ShipMethod" Script Insertion

SECUNIA ADVISORY ID:
SA19060

VERIFY ADVISORY:
http://secunia.com/advisories/19060/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
StoreBot 2002 Standard Edition
http://secunia.com/product/8473/

DESCRIPTION:
KeyShore and Yog have reported a vulnerability in StoreBot 2002
Standard Edition, which can be exploited by malicious people to
conduct script insertion attacks.

Input passed to the "ShipMethod" parameter in "manage.asp" isn't
properly sanitised before being used. This can be exploited to inject
arbitrary HTML and script code, which will be executed in a user's
browser session in context of an affected site when the malicious
user data is viewed.

Example:
http://[victim]/manage.asp?Pwd=password&iState=53&ShipMethod=[code]&Selected=ON&ShipBase2=0.00&
ShipBase1=0.00&ShipUnit2=1&ShipUnit1=0.00&ShipPrice2=0.00&ShipPrice1=0.00&B1=Add

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
KeyShore and Yog

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
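
For sites that ran the affected "manage.asp", a log review can show whether markup was ever submitted in "ShipMethod". The following is an added example, not part of the Secunia advisory or of StoreBot: it assumes IIS W3C extended logs with a `#Fields:` header, and the function names and sample log lines are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus

# Characters needed to leave HTML text or attribute context. A shipping
# method label rarely needs them, so their presence is worth a manual look
# (heuristic: a legitimate apostrophe will also match).
MARKUP = re.compile(r"[<>\"']")

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2006-03-02 10:01:07 192.0.2.10 GET /manage.asp iState=53&ShipMethod=UPS+Ground&Selected=ON&B1=Add 200
2006-03-02 10:04:31 198.51.100.7 GET /manage.asp iState=53&ShipMethod=%3Cb%3Etest%3C%2Fb%3E&Selected=ON&B1=Add 200
2006-03-02 10:05:02 198.51.100.7 GET /manage.asp iState=53&shipmethod=%253Cimg%2520src%253Dx%253E&B1=Add 200
2006-03-02 10:06:40 192.0.2.10 GET /default.asp - 200
"""


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_shipmethod(log_lines, page="/manage.asp", param="ShipMethod"):
    """Return requests to `page` whose `param` value contains markup.

    Only query strings are inspected: a form submitted with POST leaves no
    parameter values in the IIS log, so stored shipping methods should be
    reviewed in the application's data as well.
    """
    fields = []
    hits = []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != page:
            continue
        query = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        for key, values in query.items():
            # Classic ASP treats query-string keys case-insensitively.
            if key.lower() != param.lower():
                continue
            for raw in values:
                value = fully_decode(raw)
                if MARKUP.search(value):
                    hits.append({
                        "when": f"{row.get('date')} {row.get('time')}",
                        "client": row.get("c-ip"),
                        "value": value,
                        # What the page would emit if the value were
                        # HTML-encoded on output, safe to show in a report.
                        "escaped": html.escape(value),
                    })
    return hits


if __name__ == "__main__":
    for hit in suspicious_shipmethod(SAMPLE_LOG.splitlines()):
        print(hit["when"], hit["client"], hit["escaped"])
```
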
\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138949);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/14\");\n\n script_cve_id(\n \"CVE-2019-20218\",\n \"CVE-2020-11655\",\n \"CVE-2020-11656\",\n \"CVE-2020-13434\",\n \"CVE-2020-13435\",\n \"CVE-2020-13630\",\n \"CVE-2020-13631\",\n \"CVE-2020-13632\",\n \"CVE-2020-13871\",\n \"CVE-2020-15358\"\n );\n script_xref(name:\"GLSA\", value:\"202007-26\");\n script_xref(name:\"IAVA\", value:\"2020-A-0358\");\n\n script_name(english:\"GLSA-202007-26 : SQLite: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202007-26\n(SQLite: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in SQLite. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202007-26\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All SQLite users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/sqlite-3.32.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11656\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/sqlite\", unaffected:make_list(\"ge 3.32.3\"), vulnerable:make_list(\"lt 3.32.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SQLite\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2020-07-27T03:27:02", "bulletinFamily": "unix", "cvelist": ["CVE-2020-13434", "CVE-2019-20218", "CVE-2020-13632", "CVE-2020-11656", "CVE-2020-13631", "CVE-2020-11655", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-15358", "CVE-2020-13871"], "description": "### Background\n\nSQLite is a C library that implements an SQL database engine.\n\n### Description\n\nMultiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll SQLite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/sqlite-3.32.3\"", "edition": 1, "modified": "2020-07-27T00:00:00", "published": "2020-07-27T00:00:00", "id": "GLSA-202007-26", "href": "https://security.gentoo.org/glsa/202007-26", "title": "SQLite: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-06-29T17:49:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-13632", "CVE-2020-11655", "CVE-2020-13435", "CVE-2020-13630"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-06-26T00:00:00", "published": "2020-06-26T00:00:00", "id": "OPENVAS:1361412562311220201693", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201693", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-1693)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1693\");\n script_version(\"2020-06-26T07:26:58+0000\");\n script_cve_id(\"CVE-2020-11655\", \"CVE-2020-13435\", \"CVE-2020-13630\", \"CVE-2020-13632\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-26 07:26:58 +0000 (Fri, 26 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-26 07:26:58 +0000 (Fri, 26 Jun 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-1693)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1693\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1693\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'sqlite' package(s) announced via the EulerOS-SA-2020-1693 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is 
mishandled.(CVE-2020-11655)\n\next/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.(CVE-2020-13632)\n\next/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.(CVE-2020-13630)\n\nSQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.(CVE-2020-13435)\");\n\n script_tag(name:\"affected\", value:\"'sqlite' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"sqlite\", rpm:\"sqlite~3.24.0~2.h15.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"sqlite-libs\", rpm:\"sqlite-libs~3.24.0~2.h15.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}