CVE-2016-6153
https://notcve.org/view.php?id=CVE-2016-6153
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. os_unix.c en SQLite en versiones anteriores a 3.13.0 no implementa correctamente el algoritmo de búsqueda de directorio temporal, lo que podría permitir a usuarios locales obtener información sensible, provocar una denegación de servicio (caída de aplicación) o tener otro impacto no especificado aprovechando el uso de directorio de trabajo actual para archivos temporales. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html http://www.openwall.com/lists/oss-security/2016/07/01/1 http://www.openwall.com/lists/oss-security/2016/07/01/2 http://www.securityfocus.com/bid/91546 http://www.sqlite.org/cgi/src/info/67985761aa93fb61 https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ https://lists.fedoraproject.org • CWE-20: Improper Input Validation •
CVE-2015-6607
https://notcve.org/view.php?id=CVE-2015-6607
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. SQLite en versiones anterioers a 3.8.9, tal como se utiliza en Android en versiones anteriores a 5.1.1 LMY48T, permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 20099586. • http://www.securityfocus.com/bid/76970 https://android-review.googlesource.com/#/c/145961 https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-5895 – SQLite3 3.8.6 - Controlled Memory Corruption (PoC)
https://notcve.org/view.php?id=CVE-2015-5895
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en SQLite en versiones anteriores a 3.8.10.2, tal como se utiliza en Apple iOS en versiones anteriores a 9, tiene un impacto y vectores de ataque desconocidos. • https://www.exploit-db.com/exploits/36190 http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://www.securityfocus.com/bid/76764 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 •
CVE-2013-7443
https://notcve.org/view.php?id=CVE-2013-7443
Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. Desbordamiento de buffer en la optimización skip-scan en SQLite 3.8.2, permite a atacantes remotos provocar una denegación de servicio (caída) a través de sentencias SQL manipuladas. • http://ubuntu.com/usn/usn-2698-1 http://www.openwall.com/lists/oss-security/2015/07/14/5 http://www.openwall.com/lists/oss-security/2015/07/15/4 http://www.securityfocus.com/bid/76089 https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1448758 https://www.sqlite.org/src/info/520070ec7fbaac73eda0e0123596b7bb3e9a6897 https://www.sqlite.org/src/info/ac5852d6403c9c9628ca0aa7be135c702f000698 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3717 – SQLite printf Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3717
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Múltiples desbordamientos de buffer en la funcionalidad printf en SQLite, utilizado en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4, permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the printf function. The issue lies in the ability to use an arbitrary format string as an argument to an insecure printf function. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75491 http://www.securitytracker.com/id/1032760 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •