exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-23 advisory. Several of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Nessus Network Monitor 6.2.2 updates the following components:

  - c-ares from version 1.10.0 to version 1.19.1.
  - curl from version 7.79.1 to version 8.1.2.
  - libbzip2 from version 1.0.6 to version 1.0.8.
  - libpcre from version 8.42 to version 8.44.
  - libxml2 from version 2.7.7 to version 2.11.1.
  - libxslt from version 1.1.26 to version 1.1.37.
  - libxmlsec from version 1.2.18 to version 1.2.37.
  - sqlite from version 3.27.2 to version 3.40.1.
  - jQuery Cookie from version 1.3.1 to version 1.4.1.
  - jQuery UI from version 1.13.0 to version 1.13.2.
  - OpenSSL from version 3.0.8 to version 3.0.9.

The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3215-1 advisory.

  - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows     context-dependent attackers to cause a denial of service (uninitialized memory access and application     crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by     COLLATE at the end of a SELECT statement. (CVE-2015-3414)

  - The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison     operators, which allows context-dependent attackers to cause a denial of service (invalid free operation)     or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a     CREATE TABLE statement. (CVE-2015-3415)

  - os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which     might allow local users to obtain sensitive information, cause a denial of service (application crash), or     have unspecified other impact by leveraging use of the current working directory for temporary files.
    (CVE-2016-6153)

  - The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other     products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-     read or possibly unspecified other impact. (CVE-2017-10989)

  - An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is     affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the     SQLite component. It allows remote attackers to execute arbitrary code or cause a denial of service     (buffer overflow and application crash) via a crafted SQL statement. (CVE-2017-2518)

  - SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant     buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote     attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in     certain WebSQL use cases), aka Magellan. (CVE-2018-20346)

  - In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could     cause a NULL pointer dereference, related to build.c and prepare.c. (CVE-2018-8740)

  - In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application     because of missing validation of a sqlite_stat1 sz field, aka a severe division by zero in the query     planner. (CVE-2019-16168)

  - sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window     functions, and also has certain ORDER BY usage. (CVE-2019-19244)

  - lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated     column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
    (CVE-2019-19317)

  - SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application     crash. (CVE-2019-19603)

  - alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-     referential views in conjunction with ALTER TABLE statements. (CVE-2019-19645)

  - pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain     cases of generated columns. (CVE-2019-19646)

  - exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference     because constant integer values in ORDER BY clauses of window definitions are mishandled. (CVE-2019-19880)

  - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT     JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect     results). (CVE-2019-19923)

  - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This     is caused by incorrect sqlite3WindowRewrite() error handling. (CVE-2019-19924)

  - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP     archive. (CVE-2019-19925)

  - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by     errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for     CVE-2019-19880. (CVE-2019-19926)

  - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving     embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for     example) valgrind. (CVE-2019-19959)

  - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
    (CVE-2019-20218)

  - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode()     function when handling invalid rtree tables. (CVE-2019-8457)

  - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)

  - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. (CVE-2020-13435)

  - ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet     feature. (CVE-2020-13630)

  - SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related     to alter.c and build.c. (CVE-2020-13631)

  - ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo()     query. (CVE-2020-13632)

  - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy     heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)

  - In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and     segmentation fault because of generated column optimizations. (CVE-2020-9327)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1058-1 advisory.

  - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows     context-dependent attackers to cause a denial of service (uninitialized memory access and application     crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by     COLLATE at the end of a SELECT statement. (CVE-2015-3414)

  - The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison     operators, which allows context-dependent attackers to cause a denial of service (invalid free operation)     or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O;>O) in a     CREATE TABLE statement. (CVE-2015-3415)

  - sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window     functions, and also has certain ORDER BY usage. (CVE-2019-19244)

  - lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated     column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
    (CVE-2019-19317)

  - SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application     crash. (CVE-2019-19603)

  - alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-     referential views in conjunction with ALTER TABLE statements. (CVE-2019-19645)

  - pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain     cases of generated columns. (CVE-2019-19646)

  - exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference     because constant integer values in ORDER BY clauses of window definitions are mishandled. (CVE-2019-19880)

  - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT     JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect     results). (CVE-2019-19923)

  - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This     is caused by incorrect sqlite3WindowRewrite() error handling. (CVE-2019-19924)

  - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP     archive. (CVE-2019-19925)

  - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by     errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for     CVE-2019-19880. (CVE-2019-19926)

  - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving     embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for     example) valgrind. (CVE-2019-19959)

  - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
    (CVE-2019-20218)

  - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)

  - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. (CVE-2020-13435)

  - ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet     feature. (CVE-2020-13630)

  - SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related     to alter.c and build.c. (CVE-2020-13631)

  - ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo()     query. (CVE-2020-13632)

  - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy     heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)

  - In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and     segmentation fault because of generated column optimizations. (CVE-2020-9327)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2320-1 advisory.

  - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows     context-dependent attackers to cause a denial of service (uninitialized memory access and application     crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by     COLLATE at the end of a SELECT statement. (CVE-2015-3414)

  - The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison     operators, which allows context-dependent attackers to cause a denial of service (invalid free operation)     or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O;>O) in a     CREATE TABLE statement. (CVE-2015-3415)

  - sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window     functions, and also has certain ORDER BY usage. (CVE-2019-19244)

  - lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated     column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
    (CVE-2019-19317)

  - SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application     crash. (CVE-2019-19603)

  - alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-     referential views in conjunction with ALTER TABLE statements. (CVE-2019-19645)

  - pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain     cases of generated columns. (CVE-2019-19646)

  - exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference     because constant integer values in ORDER BY clauses of window definitions are mishandled. (CVE-2019-19880)

  - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT     JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect     results). (CVE-2019-19923)

  - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This     is caused by incorrect sqlite3WindowRewrite() error handling. (CVE-2019-19924)

  - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP     archive. (CVE-2019-19925)

  - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by     errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for     CVE-2019-19880. (CVE-2019-19926)

  - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving     embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for     example) valgrind. (CVE-2019-19959)

  - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
    (CVE-2019-20218)

  - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)

  - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. (CVE-2020-13435)

  - ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet     feature. (CVE-2020-13630)

  - SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related     to alter.c and build.c. (CVE-2020-13631)

  - ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo()     query. (CVE-2020-13632)

  - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy     heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)

  - In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and     segmentation fault because of generated column optimizations. (CVE-2020-9327)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2320-1 advisory.

  - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows     context-dependent attackers to cause a denial of service (uninitialized memory access and application     crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by     COLLATE at the end of a SELECT statement. (CVE-2015-3414)

  - The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison     operators, which allows context-dependent attackers to cause a denial of service (invalid free operation)     or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a     CREATE TABLE statement. (CVE-2015-3415)

  - sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window     functions, and also has certain ORDER BY usage. (CVE-2019-19244)

  - lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated     column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
    (CVE-2019-19317)

  - SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application     crash. (CVE-2019-19603)

  - alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-     referential views in conjunction with ALTER TABLE statements. (CVE-2019-19645)

  - pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain     cases of generated columns. (CVE-2019-19646)

  - exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference     because constant integer values in ORDER BY clauses of window definitions are mishandled. (CVE-2019-19880)

  - flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT     JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect     results). (CVE-2019-19923)

  - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This     is caused by incorrect sqlite3WindowRewrite() error handling. (CVE-2019-19924)

  - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP     archive. (CVE-2019-19925)

  - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by     errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for     CVE-2019-19880. (CVE-2019-19926)

  - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving     embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for     example) valgrind. (CVE-2019-19959)

  - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
    (CVE-2019-20218)

  - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434)

  - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. (CVE-2020-13435)

  - ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet     feature. (CVE-2020-13630)

  - SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related     to alter.c and build.c. (CVE-2020-13631)

  - ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo()     query. (CVE-2020-13632)

  - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy     heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)

  - In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and     segmentation fault because of generated column optimizations. (CVE-2020-9327)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Microsoft Edge (Chromium) installed on the remote Windows host is prior to 80.0.361.48. It is, therefore, affected by multiple vulnerabilities:

  - An integer overflow condition exists in the JavaScript component of Google Chrome. An unauthenticated,     remote attacker can exploit this, via a crafted HTML page, to potentially exploit heap corruption.
    (CVE-2020-6381)

  - A type confusion error exists in the JavaScript component of Google Chrome. An unauthenticated, remote     attacker can exploit this, via a crafted HTML page, to potentially exploit heap corruption.
    (CVE-2020-6382)

  - A use-after-free vulnerability exists in the speech component of Google Chrome. An unauthenticated, remote     attacker can exploit this, via a crafted HTML page, to potentially exploit heap corruption.
    (CVE-2020-6406)

In addition, Microsoft Edge (Chromium) is also affected by several additional vulnerabilities including additional use-after-free vulnerabilities, out-of-bounds read/write, insufficient input validation, and insufficient policy enforcements.

Several vulnerabilities have been discovered in the chromium web browser.

  - CVE-2019-19880     Richard Lorenz discovered an issue in the sqlite     library.

  - CVE-2019-19923     Richard Lorenz discovered an out-of-bounds read issue in     the sqlite library.

  - CVE-2019-19925     Richard Lorenz discovered an issue in the sqlite     library.

  - CVE-2019-19926     Richard Lorenz discovered an implementation error in the     sqlite library.

  - CVE-2020-6381     UK's National Cyber Security Centre discovered an     integer overflow issue in the v8 JavaScript library.

  - CVE-2020-6382     Soyeon Park and Wen Xu discovered a type error in the v8     JavaScript library.

  - CVE-2020-6383     Sergei Glazunov discovered a type error in the v8     JavaScript library.

  - CVE-2020-6384     David Manoucheri discovered a use-after-free issue in     WebAudio.

  - CVE-2020-6385     Sergei Glazunov discovered a policy enforcement error.

  - CVE-2020-6386     Zhe Jin discovered a use-after-free issue in speech     processing.

  - CVE-2020-6387     Natalie Silvanovich discovered an out-of-bounds write     error in the WebRTC implementation.

  - CVE-2020-6388     Sergei Glazunov discovered an out-of-bounds read error     in the WebRTC implementation.

  - CVE-2020-6389     Natalie Silvanovich discovered an out-of-bounds write     error in the WebRTC implementation.

  - CVE-2020-6390     Sergei Glazunov discovered an out-of-bounds read error.

  - CVE-2020-6391     Michal Bentkowski discoverd that untrusted input was     insufficiently validated.

  - CVE-2020-6392     The Microsoft Edge Team discovered a policy enforcement     error.

  - CVE-2020-6393     Mark Amery discovered a policy enforcement error.

  - CVE-2020-6394     Phil Freo discovered a policy enforcement error.

  - CVE-2020-6395     Pierre Langlois discovered an out-of-bounds read error     in the v8 JavaScript library.

  - CVE-2020-6396     William Luc Ritchie discovered an error in the skia     library.

  - CVE-2020-6397     Khalil Zhani discovered a user interface error.

  - CVE-2020-6398     pdknsk discovered an uninitialized variable in the     pdfium library.

  - CVE-2020-6399     Luan Herrera discovered a policy enforcement error.

  - CVE-2020-6400     Takashi Yoneuchi discovered an error in Cross-Origin     Resource Sharing.

  - CVE-2020-6401     Tzachy Horesh discovered that user input was     insufficiently validated.

  - CVE-2020-6402     Vladimir Metnew discovered a policy enforcement error.

  - CVE-2020-6403     Khalil Zhani discovered a user interface error.

  - CVE-2020-6404     kanchi discovered an error in Blink/Webkit.

  - CVE-2020-6405     Yongheng Chen and Rui Zhong discovered an out-of-bounds     read issue in the sqlite library.

  - CVE-2020-6406     Sergei Glazunov discovered a use-after-free issue.

  - CVE-2020-6407     Sergei Glazunov discovered an out-of-bounds read error.

  - CVE-2020-6408     Zhong Zhaochen discovered a policy enforcement error in     Cross-Origin Resource Sharing.

  - CVE-2020-6409     Divagar S and Bharathi V discovered an error in the     omnibox implementation.

  - CVE-2020-6410     evil1m0 discovered a policy enforcement error.

  - CVE-2020-6411     Khalil Zhani discovered that user input was     insufficiently validated.

  - CVE-2020-6412     Zihan Zheng discovered that user input was     insufficiently validated.

  - CVE-2020-6413     Michal Bentkowski discovered an error in Blink/Webkit.

  - CVE-2020-6414     Lijo A.T discovered a policy safe browsing policy     enforcement error.

  - CVE-2020-6415     Avihay Cohen discovered an implementation error in the     v8 JavaScript library.

  - CVE-2020-6416     Woojin Oh discovered that untrusted input was     insufficiently validated.

  - CVE-2020-6418     Clement Lecigne discovered a type error in the v8     JavaScript library.

  - CVE-2020-6420     Taras Uzdenov discovered a policy enforcement error.

It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2019-13734, CVE-2019-13750, CVE-2019-13753)

It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2019-13751)

It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19880)

It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923)

It was discovered that SQLite incorrectly handled parser tree rewriting. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
This issue only affected Ubuntu 19.10. (CVE-2019-19924)

It was discovered that SQLite incorrectly handled certain ZIP archives. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10.
(CVE-2019-19925, CVE-2019-19959)

It was discovered that SQLite incorrectly handled errors during parsing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2019-19926)

It was discovered that SQLite incorrectly handled parsing errors. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2019-20218)

It was discovered that SQLite incorrectly handled generated column optimizations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10.
(CVE-2020-9327).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0514 advisory.

  - libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure     (CVE-2019-18197)

  - CVE-2019-19926 sqlite: error mishandling because of incomplete fix of (CVE-2019-19880)

  - sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in     select.c leads to a NULL pointer dereference (CVE-2019-19923)

  - sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive     (CVE-2019-19925)

  - sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926)

  - chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)

  - chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)

  - chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385)

  - chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387, CVE-2020-6389)

  - chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)

  - chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)

  - chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391)

  - chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392)

  - chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393, CVE-2020-6394)

  - chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)

  - chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)

  - chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)

  - chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)

  - chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399)

  - chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)

  - chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401, CVE-2020-6411,     CVE-2020-6412)

  - chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402)

  - chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)

  - chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404, CVE-2020-6413)

  - sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)

  - chromium-browser: Use after free in audio (CVE-2020-6406)

  - chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)

  - chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)

  - chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410)

  - chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414)

  - chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415)

  - chromium-browser: Insufficient data validation in streams (CVE-2020-6416)

  - chromium-browser: Inappropriate implementation in installer (CVE-2020-6417)

  - chromium-browser: Inappropriate implementation in AppCache (CVE-2020-6499)

  - chromium-browser: Inappropriate implementation in interstitials (CVE-2020-6500)

  - chromium-browser: Insufficient policy enforcement in CSP (CVE-2020-6501)

  - chromium-browser: Incorrect security UI in permissions (CVE-2020-6502)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This update for chromium fixes the following issues :

Chromium was updated to version 80.0.3987.87 (boo#1162833).

Security issues fixed :

  - CVE-2020-6381: Integer overflow in JavaScript     (boo#1162833).

  - CVE-2020-6382: Type Confusion in JavaScript     (boo#1162833).

  - CVE-2019-18197: Multiple vulnerabilities in XML     (boo#1162833).

  - CVE-2019-19926: Inappropriate implementation in SQLite     (boo#1162833).

  - CVE-2020-6385: Insufficient policy enforcement in     storage (boo#1162833).

  - CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities     in SQLite (boo#1162833).

  - CVE-2020-6387: Out of bounds write in WebRTC     (boo#1162833).

  - CVE-2020-6388: Out of bounds memory access in WebAudio     (boo#1162833).

  - CVE-2020-6389: Out of bounds write in WebRTC     (boo#1162833).

  - CVE-2020-6390: Out of bounds memory access in streams     (boo#1162833).

  - CVE-2020-6391: Insufficient validation of untrusted     input in Blink (boo#1162833).

  - CVE-2020-6392: Insufficient policy enforcement in     extensions (boo#1162833).

  - CVE-2020-6393: Insufficient policy enforcement in Blink     (boo#1162833).

  - CVE-2020-6394: Insufficient policy enforcement in Blink     (boo#1162833).

  - CVE-2020-6395: Out of bounds read in JavaScript     (boo#1162833).

  - CVE-2020-6396: Inappropriate implementation in Skia     (boo#1162833).

  - CVE-2020-6397: Incorrect security UI in sharing     (boo#1162833).

  - CVE-2020-6398: Uninitialized use in PDFium     (boo#1162833).

  - CVE-2020-6399: Insufficient policy enforcement in     AppCache (boo#1162833).

  - CVE-2020-6400: Inappropriate implementation in CORS     (boo#1162833).

  - CVE-2020-6401: Insufficient validation of untrusted     input in Omnibox (boo#1162833).

  - CVE-2020-6402: Insufficient policy enforcement in     downloads (boo#1162833).

  - CVE-2020-6403: Incorrect security UI in Omnibox     (boo#1162833).

  - CVE-2020-6404: Inappropriate implementation in Blink     (boo#1162833).

  - CVE-2020-6405: Out of bounds read in SQLite     (boo#1162833).

  - CVE-2020-6406: Use after free in audio (boo#1162833).

  - CVE-2019-19923: Out of bounds memory access in SQLite     (boo#1162833).

  - CVE-2020-6408: Insufficient policy enforcement in CORS     (boo#1162833).

  - CVE-2020-6409: Inappropriate implementation in Omnibox     (boo#1162833).

  - CVE-2020-6410: Insufficient policy enforcement in     navigation (boo#1162833).

  - CVE-2020-6411: Insufficient validation of untrusted     input in Omnibox (boo#1162833).

  - CVE-2020-6412: Insufficient validation of untrusted     input in Omnibox (boo#1162833).

  - CVE-2020-6413: Inappropriate implementation in Blink     (boo#1162833).

  - CVE-2020-6414: Insufficient policy enforcement in Safe     Browsing (boo#1162833).

  - CVE-2020-6415: Inappropriate implementation in     JavaScript (boo#1162833).

  - CVE-2020-6416: Insufficient data validation in streams     (boo#1162833).

  - CVE-2020-6417: Inappropriate implementation in installer     (boo#1162833).

An update of the sqlite package has been released.

ID	Name	Product	Family	Severity
177842	Nessus Network Monitor < 6.2.2 Multiple Vulnerabilities (TNS-2023-23)	Nessus	Misc.	critical
153643	SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2021:3215-1)	Nessus	SuSE Local Security Checks	critical
151816	openSUSE 15 Security Update : sqlite3 (openSUSE-SU-2021:1058-1)	Nessus	SuSE Local Security Checks	critical
151748	openSUSE 15 Security Update : sqlite3 (openSUSE-SU-2021:2320-1)	Nessus	SuSE Local Security Checks	critical
151654	SUSE SLED15 / SLES15 Security Update : sqlite3 (SUSE-SU-2021:2320-1)	Nessus	SuSE Local Security Checks	critical
138174	Microsoft Edge (Chromium) < 80.0.361.48 Multiple Vulnerabilities	Nessus	Windows	high
134433	Debian DSA-4638-1 : chromium - security update	Nessus	Debian Local Security Checks	high
134402	Ubuntu 16.04 LTS / 18.04 LTS : SQLite vulnerabilities (USN-4298-1)	Nessus	Ubuntu Local Security Checks	high
133749	RHEL 6 : chromium-browser (RHSA-2020:0514)	Nessus	Red Hat Local Security Checks	high
133593	openSUSE Security Update : chromium (openSUSE-2020-189)	Nessus	SuSE Local Security Checks	high
132989	Photon OS 2.0: Sqlite PHSA-2020-2.0-0200	Nessus	PhotonOS Local Security Checks	high
132984	Photon OS 1.0: Sqlite PHSA-2020-1.0-0264	Nessus	PhotonOS Local Security Checks	critical

Detections

Analytics

CVE-2019-19880

high

Tenable Plugins

critical

critical

critical

critical

critical

high

high

high

high

high

high

critical