CVSS: 7.5EPSS: 9%CPEs: 2EXPL: 0CVE-2018-8740 – Ubuntu Security Notice USN-4205-1
https://notcve.org/view.php?id=CVE-2018-8740
17 Mar 2018 — In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. En SQLite, hasta la versión 3.22.0, las bases de datos cuyo esquema está corrompido usando una instrucción CREATE TABLE AS podrían provocar una desreferencia de puntero NULL, relacionada con build.c y prepare.c. It was discovered that SQLite incorrectly handled certain corrupted schemas. An attacker could possibly use this issue to cause a ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15286
https://notcve.org/view.php?id=CVE-2017-15286
12 Oct 2017 — SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. SQLite 3.20.1 tiene una desreferencia de puntero NULL en tableColumnList en shell.c porque ignora determinados casos en donde `sqlite3_step(pStmt)==SQLITE_ROW es falso y una estructura de datos nunca se inicializa. • http://www.securityfocus.com/bid/101285 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13685 – Ubuntu Security Notice USN-4019-2
https://notcve.org/view.php?id=CVE-2017-13685
29 Aug 2017 — The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. La función dump_callback en SQLite 3.20.0 permite que atacantes remotos provoquen una denegación de servicio (EXC_BAD_ACCESS y fallo de aplicación) mediante un archivo manipulado. It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issu... • http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 0CVE-2017-10989 – Ubuntu Security Notice USN-4019-2
https://notcve.org/view.php?id=CVE-2017-10989
07 Jul 2017 — The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. La función getNodeSize en ext/rtree/rtree.c en SQLite, hasta la versión 3.19.3, como se utiliza en GDAL y otros productos, gestiona de manera incorrecta los blobs RTree que tienen un tamaño demasiado pequeño en una base de datos manipulada, lo que da lugar a una sobre... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6153 – Ubuntu Security Notice USN-4019-2
https://notcve.org/view.php?id=CVE-2016-6153
26 Sep 2016 — os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. os_unix.c en SQLite en versiones anteriores a 3.13.0 no implementa correctamente el algoritmo de búsqueda de directorio temporal, lo que podría permitir a usuarios locales obtener información sensibl... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6607 – Apple Security Advisory 2017-03-22-2
https://notcve.org/view.php?id=CVE-2015-6607
06 Oct 2015 — SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. SQLite en versiones anterioers a 3.8.9, tal como se utiliza en Android en versiones anteriores a 5.1.1 LMY48T, permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 20099586. This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerabi... • http://www.securityfocus.com/bid/76970 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 20%CPEs: 2EXPL: 1CVE-2015-5895 – SQLite3 3.8.6 - Controlled Memory Corruption (PoC)
https://notcve.org/view.php?id=CVE-2015-5895
18 Sep 2015 — Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en SQLite en versiones anteriores a 3.8.10.2, tal como se utiliza en Apple iOS en versiones anteriores a 9, tiene un impacto y vectores de ataque desconocidos. iOS 9 is now available and addresses denial of service, information disclosure, and various other issues. • https://www.exploit-db.com/exploits/36190 •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-3717 – SQLite printf Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3717
01 Jul 2015 — Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Múltiples desbordamientos de buffer en la funcionalidad printf en SQLite, utilizado en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4, permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de ve... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 7%CPEs: 10EXPL: 0CVE-2015-3414 – sqlite: use of uninitialized memory when parsing collation sequences in src/where.c
https://notcve.org/view.php?id=CVE-2015-3414
24 Apr 2015 — SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. SQLite anterior a 3.8.9 no implementa correctamente la descomillación de nombres de secuencias de colaciones, lo que permite a atacantes dependientes de conte... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 7%CPEs: 10EXPL: 0CVE-2015-3415 – sqlite: invalid free() in src/vdbe.c
https://notcve.org/view.php?id=CVE-2015-3415
24 Apr 2015 — The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. La función sqlite3VdbeExec en vdbe.c en SQLite anterior a 3.8.9 no implementa correctamente los operadores de comparaciones, lo que permite a atacantes dependientes de contex... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html • CWE-404: Improper Resource Shutdown or Release •