SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Use After Free
Memory Corruption
Information Disclosure
Sqlite
Fedora
+10
NVD
CVSS 3.1
7.5
EPSS
4.4%
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Pam Tacplus
Debian Linux
Ubuntu Linux
Cloudvision Portal
NVD
GitHub
CVSS 3.1
7.5
EPSS
1.7%