CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2019-19646
https://notcve.org/view.php?id=CVE-2019-19646
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. El archivo pragma.c en SQLite versiones hasta 3.30.1, maneja inapropiadamente NOT NULL en un comando PRAGMA de integrity_check en determinados casos de columnas generadas. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3 https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd https://security.netapp.com/advisory/ntap-20191223-0001 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.sqlite.org https://www.tenable.com/security/tns-2021-14 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-19645
https://notcve.org/view.php?id=CVE-2019-19645
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. El archivo alter.c en SQLite versiones hasta 3.30.1, permite a atacantes activar una recursión infinita por medio de ciertos tipos de vistas autorreferenciales junto con declaraciones ALTER TABLE. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06 https://security.netapp.com/advisory/ntap-20191223-0001 https://usn.ubuntu.com/4394-1 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.tenable.com/security/tns-2021-14 • CWE-674: Uncontrolled Recursion •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2019-16168 – sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c
https://notcve.org/view.php?id=CVE-2019-16168
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." En SQLite versiones hasta 3.29.0, la función whereLoopAddBtreeIndex en el archivo sqlite3.c puede bloquear un navegador u otra aplicación debido a la falta de comprobación de un campo sqlite_stat1 sz, también se conoce como "severe division by zero in the query planner.". • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2 https://security.gentoo.org/glsa/202003-16 https://security.netapp.com/advisory/ntap-20190926-0003 https:/& • CWE-369: Divide By Zero •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-8457 – sqlite: heap out-of-bound read in function rtreenode()
https://notcve.org/view.php?id=CVE-2019-8457
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. SQLite3 desde la versión 3.6.0 hasta la versión 3.27.2 incluida es vulnerable a la lectura de memoria dinámica fuera de límites de la función rtreenode () cuando se manejan tablas de rtree no válidas. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M https://security.netapp.com/advisory/ntap-20190606-0002 https://usn.ubuntu.com/4004-1 https://usn.ubuntu.com/4004-2 https://usn. • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2019-9937
https://notcve.org/view.php?id=CVE-2019-9937
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. En SQLite 3.27.2, las lecturas y escrituras intercaladas en una única transacción con una tabla virtual fts5 conducirá a una desreferencia de puntero NULL en fts5ChunkIterate en sqlite3.c. Esto está relacionado con ext/fts5/fts5_hash.c y ext/fts5/fts5_index.c. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html http://www.securityfocus.com/bid/107562 https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP https://security.gentoo.org/glsa/201908-09 https://security.netapp.com/advisory/ntap-20190416- • CWE-476: NULL Pointer Dereference •