http://seclists.org/fulldisclosure/2019/Jan/62

http://seclists.org/fulldisclosure/2019/Jan/64

http://seclists.org/fulldisclosure/2019/Jan/66

http://seclists.org/fulldisclosure/2019/Jan/67

http://seclists.org/fulldisclosure/2019/Jan/68

http://seclists.org/fulldisclosure/2019/Jan/69

http://www.securityfocus.com/bid/106698

https://seclists.org/bugtraq/2019/Jan/28

https://seclists.org/bugtraq/2019/Jan/29

https://seclists.org/bugtraq/2019/Jan/31

https://seclists.org/bugtraq/2019/Jan/32

https://seclists.org/bugtraq/2019/Jan/33

https://seclists.org/bugtraq/2019/Jan/39

https://security.netapp.com/advisory/ntap-20190502-0004/

https://sqlite.org/src/info/1a84668dcfdebaf12415d

https://support.apple.com/kb/HT209443

https://support.apple.com/kb/HT209446

https://support.apple.com/kb/HT209447

https://support.apple.com/kb/HT209448

https://support.apple.com/kb/HT209450

https://support.apple.com/kb/HT209451

USN-4019-1

According to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - In SQLite 3.27.2, interleaving reads and writes in a     single transaction with an fts5 virtual table will lead     to a NULL Pointer Dereference in fts5ChunkIterate in     sqlite3.c. This is related to ext/fts5/fts5_hash.c and     ext/fts5/fts5_index.c.(CVE-2019-9937)

  - In SQLite 3.27.2, running fts5 prefix queries inside a     transaction could trigger a heap-based buffer over-read     in fts5HashEntrySort in sqlite3.c, which may lead to an     information leak. This is related to     ext/fts5/fts5_hash.c.(CVE-2019-9936)

  - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1     mishandles a NULL pathname during an update of a ZIP     archive.(CVE-2019-19925)

  - SQLite 3.30.1 mishandles certain parser-tree rewriting,     related to expr.c, vdbeaux.c, and window.c. This is     caused by incorrect sqlite3WindowRewrite() error     handling.(CVE-2019-19924)

  - flattenSubquery in select.c in SQLite 3.30.1 mishandles     certain uses of SELECT DISTINCT involving a LEFT JOIN     in which the right-hand side is a view. This can cause     a NULL pointer dereference (or incorrect     results).(CVE-2019-19923)

  - multiSelect in select.c in SQLite 3.30.1 mishandles     certain errors during parsing, as demonstrated by     errors from sqlite3WindowRewrite() calls. NOTE: this     vulnerability exists because of an incomplete fix for     CVE-2019-19880.(CVE-2019-19926)

  - selectExpander in select.c in SQLite 3.30.1 proceeds     with WITH stack unwinding even after a parsing     error.(CVE-2019-20218)

  - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain     uses of INSERT INTO in situations involving embedded     '\0' characters in filenames, leading to a     memory-management error that can be detected by (for     example) valgrind.(CVE-2019-19959)

  - SQLite 3.25.2, when queries are run on a table with a     malformed PRIMARY KEY, allows remote attackers to cause     a denial of service (application crash) by leveraging     the ability to run arbitrary SQL statements (such as in     certain WebSQL use cases).(CVE-2018-20505)

  - In SQLite 3.31.1, isAuxiliaryVtabOperator allows     attackers to trigger a NULL pointer dereference and     segmentation fault because of generated column     optimizations.(CVE-2020-9327)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that SQLite incorrectly handled certain SQL files.
An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-2518, CVE-2017-2520)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10.
(CVE-2018-20505)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20346, CVE-2018-20506)

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2019-8457)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9936)

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9937)

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6153)

It was discovered that SQLite incorrectly handled certain databases.
An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-10989)

It was discovered that SQLite incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2017-13685)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-2519).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Apple iOS running on the mobile device is prior to 12.1.3. It is, therefore, affected by multiple vulnerabilities:

 - Multiple unspecified vulnerabilities in WebKit can lead to arbitrary code execution if a user is enticed to visit a malicious web page. (CVE-2019-6227, CVE-2019-6233, CVE-2019-6234)

 - A maliciously crafted SQL query could lead to arbitrary code execution. (CVE-2018-20346, CVE-2018-20505, CVE-2018-20506)

 - A malicious application could lead to arbitrary code execution with kernel privileges. (CVE-2019-6218)

Additionally several other vulnerabilities exist, the highest of which could allow an attacker to perform a remote code execution attack by enticing a user to view malicious web content.

The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.3. It is, therefore, affected by multiple vulnerabilities related to the following components:

 - AppleKeyStore
 - Bluetooth
 - Core Media
 - CoreAnimation
 - FaceTime
 - IOKit
 - Kernel
 - libxpc
 - Natural Language Processing
 - QuartzCore
 - SQLite
 - WebRTC

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The version of Apple iTunes installed on the remote Windows host is prior to 12.9.3. It is, therefore, affected by multiple vulnerabilities as referenced in the HT209450 advisory:

  - Multiple vulnerabilities exist due to input processing     flaws in the WebKit component. An attacker may be able     to leverage one of these vulnerability, by providing     maliciously crafted web content, to execute arbitrary     code on the host. (CVE-2019-6212, CVE-2019-6215,     CVE-2019-6216, CVE-2019-6217, CVE-2019-6226,     CVE-2019-6227, CVE-2019-6233, CVE-2019-6234)

  - A universal cross-site scripting vulnerability exists in     the WebKit component. An attacker may be able to leverage     this vulnerability, by providing maliciously crafted web     content, to execute arbitrary script code in the security     context of any site. (CVE-2019-6229)

  - A memory corruption vulnerability exists in the     AppleKeyStore component. An attacker may be able to     leverage this vulnerability to allow a process to     circumvent sandbox restrictions. (CVE-2019-6235)

  - An out-of-bounds read vulnerability exists in the     Core Media component. An attacker may be able to leverage     this vulnerability to allow a malicious application to     elevate its privileges. (CVE-2019-6221)

  - Multiple memory corruption issues exist in the SQLite     component. An attacker may be able to leverage these     vulnerabilities, by executing a malicious SQL query, to     execute arbitrary code on the host. (CVE-2018-20346,     CVE-2018-20505, CVE-2018-20506)


Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.3. It is, therefore, affected by multiple vulnerabilities related to the following components:

  - AppleKeyStore
  - Bluetooth
  - Core Media
  - CoreAnimation
  - FaceTime
  - IOKit
  - Kernel
  - libxpc
  - Natural Language Processing
  - QuartzCore
  - SQLite
  - WebRTC

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The version of Apple iOS running on the mobile device is prior to 12.1.3. It is, therefore, affected by multiple vulnerabilities:

  - Multiple unspecified vulnerabilities in WebKit     can lead to arbitrary code execution if a user     is enticed to visit a malicious web page.
    (CVE-2019-6227, CVE-2019-6233, CVE-2019-6234)

  - A maliciously crafted SQL query could lead to     arbitrary code execution.
    (CVE-2018-20346, CVE-2018-20505,     CVE-2018-20506)

  - A malicious application could lead to arbitrary     code execution with kernel privileges.
    (CVE-2019-6218)

Additionally several other vulnerabilities exist, the highest of which could allow an attacker to perform a remote code execution attack by enticing a user to view malicious web content.

ID	Name	Product	Family	Severity
135151	EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364)	Nessus	Huawei Local Security Checks	high
126065	Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : SQLite vulnerabilities (USN-4019-1)	Nessus	Ubuntu Local Security Checks	critical
700556	Apple iOS < 12.1.3 Multiple Vulnerabilities (APPLE-SA-2019-1-22-1)	Nessus Network Monitor	Mobile Devices	medium
700521	macOS 10.14.x < 10.14.3 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
121473	Apple iTunes < 12.9.3 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
121393	macOS 10.14.x < 10.14.3 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
121331	Apple iOS < 12.1.3 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2018-20505

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

high

critical

medium

critical

critical

high

high