CVSS: 9.8EPSS: 8%CPEs: 15EXPL: 0CVE-2020-11656 – Gentoo Linux Security Advisory 202007-26
https://notcve.org/view.php?id=CVE-2020-11656
09 Apr 2020 — In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. En SQLite versiones hasta 3.31.1, la implementación de ALTER TABLE presenta un uso de la memoria previamente liberada, como es demostrado por una cláusula ORDER BY que pertenece a una sentencia SELECT compuesta. Multiple vulnerabilities have been found in SQLite, the worst of which could result in the arbitrary execution of code. Versions less than... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-416: Use After Free •
CVSS: 9.8EPSS: 6%CPEs: 6EXPL: 0CVE-2019-19646
https://notcve.org/view.php?id=CVE-2019-19646
09 Dec 2019 — pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. El archivo pragma.c en SQLite versiones hasta 3.30.1, maneja inapropiadamente NOT NULL en un comando PRAGMA de integrity_check en determinados casos de columnas generadas. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-19645 – Ubuntu Security Notice USN-4394-1
https://notcve.org/view.php?id=CVE-2019-19645
09 Dec 2019 — alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. El archivo alter.c en SQLite versiones hasta 3.30.1, permite a atacantes activar una recursión infinita por medio de ciertos tipos de vistas autorreferenciales junto con declaraciones ALTER TABLE. It was discovered that SQLite incorrectly handled certain corrupted schemas. An attacker could possibly use this issue to cause a denial of service... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 11%CPEs: 7EXPL: 1CVE-2018-20505 – Apple Security Advisory 2019-1-22-3
https://notcve.org/view.php?id=CVE-2018-20505
23 Jan 2019 — SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). SQLite 3.25.2, cuando se ejecutan consultas en una tabla con una CLAVE PRIMARIA mal formada, permite que los atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación), explotando la posibilidad de ejecutar declaraciones SQL arbitra... • http://seclists.org/fulldisclosure/2019/Jan/62 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 13%CPEs: 9EXPL: 0CVE-2018-20506 – Apple Security Advisory 2019-1-22-3
https://notcve.org/view.php?id=CVE-2018-20506
23 Jan 2019 — SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. En SQLite, en versiones anteriores a la 3.25.3, cuando está habilitada la extensión FTS3, ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 18%CPEs: 6EXPL: 2CVE-2018-20346 – Apple Security Advisory 2019-1-22-3
https://notcve.org/view.php?id=CVE-2018-20346
21 Dec 2018 — SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. SQLite anterior a la versión 3.25.3, cuando la extensión FTS3 está habilitada, encuentra un desbordamiento de enteros (y el desbordamiento del búfer result... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2018-8740 – Ubuntu Security Notice USN-4205-1
https://notcve.org/view.php?id=CVE-2018-8740
17 Mar 2018 — In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. En SQLite, hasta la versión 3.22.0, las bases de datos cuyo esquema está corrompido usando una instrucción CREATE TABLE AS podrían provocar una desreferencia de puntero NULL, relacionada con build.c y prepare.c. It was discovered that SQLite incorrectly handled certain corrupted schemas. An attacker could possibly use this issue to cause a ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2017-10989 – Ubuntu Security Notice USN-4019-2
https://notcve.org/view.php?id=CVE-2017-10989
07 Jul 2017 — The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. La función getNodeSize en ext/rtree/rtree.c en SQLite, hasta la versión 3.19.3, como se utiliza en GDAL y otros productos, gestiona de manera incorrecta los blobs RTree que tienen un tamaño demasiado pequeño en una base de datos manipulada, lo que da lugar a una sobre... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6153 – Ubuntu Security Notice USN-4019-2
https://notcve.org/view.php?id=CVE-2016-6153
26 Sep 2016 — os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. os_unix.c en SQLite en versiones anteriores a 3.13.0 no implementa correctamente el algoritmo de búsqueda de directorio temporal, lo que podría permitir a usuarios locales obtener información sensibl... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6607 – Apple Security Advisory 2017-03-22-2
https://notcve.org/view.php?id=CVE-2015-6607
06 Oct 2015 — SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. SQLite en versiones anterioers a 3.8.9, tal como se utiliza en Android en versiones anteriores a 5.1.1 LMY48T, permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 20099586. This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerabi... • http://www.securityfocus.com/bid/76970 • CWE-264: Permissions, Privileges, and Access Controls •