CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-20218 – sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error
https://notcve.org/view.php?id=CVE-2019-20218
02 Jan 2020 — selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. La función selectExpander en el archivo select.c en SQLite versión 3.30.1, continúa con el despliegue de la pila WITH incluso después de un error de análisis. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. • https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387 • CWE-391: Unchecked Error Condition CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 12%CPEs: 13EXPL: 0CVE-2019-19925 – sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive
https://notcve.org/view.php?id=CVE-2019-19925
24 Dec 2019 — zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. La función zipfileUpdate en el archivo ext/misc/zipfile.c en SQLite versión 3.30.1, maneja inapropiadamente un nombre de ruta NULL durante una actualización de un archivo ZIP. It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered t... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 10%CPEs: 5EXPL: 0CVE-2019-19924 – sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting
https://notcve.org/view.php?id=CVE-2019-19924
24 Dec 2019 — SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. SQLite versión 3.30.1 maneja inapropiadamente cierta reescritura de árbol de análisis, relacionada con los archivos expr.c, vdbeaux.c y window.c. Esto es causado por un manejo incorrecto de errores de la función sqlite3WindowRewrite(). It was discovered that SQLite incorrectly handled certain shadow tables. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-391: Unchecked Error Condition CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 13%CPEs: 13EXPL: 0CVE-2019-19923 – sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2019-19923
24 Dec 2019 — flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). La función flattenSubquery en el archivo select.c en SQLite versión 3.30.1 maneja inapropiadamente ciertos usos de SELECT DISTINCT que involucra una LEFT JOIN en la que el lado derecho es una vista. Esto puede causar una desreferencia del puntero NULL (o resultados incorrectos). It was discovere... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 11%CPEs: 13EXPL: 0CVE-2019-19926 – sqlite: error mishandling because of incomplete fix of CVE-2019-19880
https://notcve.org/view.php?id=CVE-2019-19926
23 Dec 2019 — multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. La función multiSelect en el archivo select.c en SQLite versión 3.30.1, maneja inapropiadamente determinados errores durante el análisis, como es demostrado por los errores de las llamadas de sqlite3WindowRewrite(). NOTA: esta vulnerabilidad se presenta debido a una corrección incomplet... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 11%CPEs: 13EXPL: 0CVE-2019-19880 – sqlite: invalid pointer dereference in exprListAppendList in window.c
https://notcve.org/view.php?id=CVE-2019-19880
18 Dec 2019 — exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. La función exprListAppendList en el archivo window.c en SQLite versión 3.30.1, permite a atacantes desencadenar una desreferencia del puntero no válida porque los valores enteros constantes en las cláusulas ORDER BY de las definiciones de ventana son manejados inapropiadamente. It was discovered that SQLite incorr... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-19603 – sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS
https://notcve.org/view.php?id=CVE-2019-19603
09 Dec 2019 — SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. SQLite 3.30.1 maneja mal ciertas declaraciones SELECT con una VISTA inexistente, lo que lleva a un bloqueo de la aplicación. It was discovered that SQLite incorrectly handled certain corrupted schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 17%CPEs: 6EXPL: 0CVE-2019-19646
https://notcve.org/view.php?id=CVE-2019-19646
09 Dec 2019 — pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. El archivo pragma.c en SQLite versiones hasta 3.30.1, maneja inapropiadamente NOT NULL en un comando PRAGMA de integrity_check en determinados casos de columnas generadas. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-19645 – Ubuntu Security Notice USN-4394-1
https://notcve.org/view.php?id=CVE-2019-19645
09 Dec 2019 — alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. El archivo alter.c en SQLite versiones hasta 3.30.1, permite a atacantes activar una recursión infinita por medio de ciertos tipos de vistas autorreferenciales junto con declaraciones ALTER TABLE. It was discovered that SQLite incorrectly handled certain corrupted schemas. An attacker could possibly use this issue to cause a denial of service... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0CVE-2019-19317
https://notcve.org/view.php?id=CVE-2019-19317
05 Dec 2019 — lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. La función lookupName en el archivo resolve.c en SQLite versión 3.30.1, omite bits de la colUsed bitmask en el caso de una columna generada, lo que permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-681: Incorrect Conversion between Numeric Types •