CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6607 – Apple Security Advisory 2017-03-22-2
https://notcve.org/view.php?id=CVE-2015-6607
06 Oct 2015 — SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. SQLite en versiones anterioers a 3.8.9, tal como se utiliza en Android en versiones anteriores a 5.1.1 LMY48T, permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 20099586. This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerabi... • http://www.securityfocus.com/bid/76970 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 10%CPEs: 2EXPL: 1CVE-2015-5895 – SQLite3 3.8.6 - Controlled Memory Corruption (PoC)
https://notcve.org/view.php?id=CVE-2015-5895
18 Sep 2015 — Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en SQLite en versiones anteriores a 3.8.10.2, tal como se utiliza en Apple iOS en versiones anteriores a 9, tiene un impacto y vectores de ataque desconocidos. iOS 9 is now available and addresses denial of service, information disclosure, and various other issues. • https://www.exploit-db.com/exploits/36190 •
CVSS: 7.8EPSS: 13%CPEs: 4EXPL: 2CVE-2013-7443 – Apple Security Advisory 2017-03-22-2
https://notcve.org/view.php?id=CVE-2013-7443
03 Aug 2015 — Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. Desbordamiento de buffer en la optimización skip-scan en SQLite 3.8.2, permite a atacantes remotos provocar una denegación de servicio (caída) a través de sentencias SQL manipuladas. It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of s... • http://ubuntu.com/usn/usn-2698-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 8%CPEs: 3EXPL: 0CVE-2015-3717 – SQLite printf Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3717
01 Jul 2015 — Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Múltiples desbordamientos de buffer en la funcionalidad printf en SQLite, utilizado en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4, permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de ve... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-3415 – sqlite: invalid free() in src/vdbe.c
https://notcve.org/view.php?id=CVE-2015-3415
24 Apr 2015 — The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. La función sqlite3VdbeExec en vdbe.c en SQLite anterior a 3.8.9 no implementa correctamente los operadores de comparaciones, lo que permite a atacantes dependientes de contex... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 1%CPEs: 10EXPL: 0CVE-2015-3414 – sqlite: use of uninitialized memory when parsing collation sequences in src/where.c
https://notcve.org/view.php?id=CVE-2015-3414
24 Apr 2015 — SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. SQLite anterior a 3.8.9 no implementa correctamente la descomillación de nombres de secuencias de colaciones, lo que permite a atacantes dependientes de conte... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-3416 – sqlite: stack buffer overflow in src/printf.c
https://notcve.org/view.php?id=CVE-2015-3416
24 Apr 2015 — The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. La función sqlite3VXPrintf en printf.c en SQLite anterior a 3.8.9 no maneja correctamente los valores de precisión y anchu... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6593 – LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6593
03 Apr 2009 — SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php. Vulnerabilidad de inyección SQL en LightNEasy/lightneasy.php en LightNEasy SQLite v1.2.2 y anteriores permite a atacantes remotos inyectar código PHP de forma arbitraria en comments.dat a través del parámetro "dlid" en index.php. • https://www.exploit-db.com/exploits/5452 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6589
https://notcve.org/view.php?id=CVE-2008-6589
03 Apr 2009 — Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en LightNEasy "no database" (también conocido como flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML d... • http://secunia.com/advisories/29833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 2CVE-2008-6592 – LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6592
03 Apr 2009 — thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte). thumbsup.php en Thumbs-Up v1.12, cuando se utiliza en LightNEasy "no database" (también conocido como flat) y SQLite v1.2.2 permite a atacantes remotos copiar, renombrar, y leer ficheros de modo arbitrario ... • https://www.exploit-db.com/exploits/5452 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •