CVSS: 9.8EPSS: 27%CPEs: 9EXPL: 0CVE-2019-8457 – sqlite: heap out-of-bound read in function rtreenode()
https://notcve.org/view.php?id=CVE-2019-8457
30 May 2019 — SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. SQLite3 desde la versión 3.6.0 hasta la versión 3.27.2 incluida es vulnerable a la lectura de memoria dinámica fuera de límites de la función rtreenode () cuando se manejan tablas de rtree no válidas. It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of servic... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 2%CPEs: 6EXPL: 1CVE-2019-5018 – sqlite: Use-after-free in window function leading to remote code execution
https://notcve.org/view.php?id=CVE-2019-5018
10 May 2019 — An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. Existe una vulnerabilidad de uso de memoria previamente liberada en la función de ventana de Sqlite3 3.26.0. Un comando SQL especialmente diseñado puede causar un uso de memoria previamente liberada, resulta... • http://packetstormsecurity.com/files/152809/Sqlite3-Window-Function-Remote-Code-Execution.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2019-9937 – Gentoo Linux Security Advisory 201908-09
https://notcve.org/view.php?id=CVE-2019-9937
22 Mar 2019 — In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. En SQLite 3.27.2, las lecturas y escrituras intercaladas en una única transacción con una tabla virtual fts5 conducirá a una desreferencia de puntero NULL en fts5ChunkIterate en sqlite3.c. Esto está relacionado con ext/fts5/fts5_hash.c y ext/fts5/fts5_index.c. It was disc... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2019-9936 – Gentoo Linux Security Advisory 201908-09
https://notcve.org/view.php?id=CVE-2019-9936
22 Mar 2019 — In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. En SQLite 3.27.2, la ejecución de las consultas de prefijo fts5 en una transacción podría desencadenar una sobrelectura de búfer basada en memoria dinámica (heap) en fts5HashEntrySort en sqlite3.c, lo que podría conducir a una fuga de información. Esto está relacionado con ext/fts5/fts... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 12%CPEs: 7EXPL: 1CVE-2018-20505 – Apple Security Advisory 2019-1-22-3
https://notcve.org/view.php?id=CVE-2018-20505
23 Jan 2019 — SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). SQLite 3.25.2, cuando se ejecutan consultas en una tabla con una CLAVE PRIMARIA mal formada, permite que los atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación), explotando la posibilidad de ejecutar declaraciones SQL arbitra... • http://seclists.org/fulldisclosure/2019/Jan/62 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 13%CPEs: 9EXPL: 0CVE-2018-20506 – Apple Security Advisory 2019-1-22-3
https://notcve.org/view.php?id=CVE-2018-20506
23 Jan 2019 — SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. En SQLite, en versiones anteriores a la 3.25.3, cuando está habilitada la extensión FTS3, ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 17%CPEs: 6EXPL: 2CVE-2018-20346 – Apple Security Advisory 2019-1-22-3
https://notcve.org/view.php?id=CVE-2018-20346
21 Dec 2018 — SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. SQLite anterior a la versión 3.25.3, cuando la extensión FTS3 está habilitada, encuentra un desbordamiento de enteros (y el desbordamiento del búfer result... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16048
https://notcve.org/view.php?id=CVE-2017-16048
04 Jun 2018 — `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. "node-sqlite" era un módulo malicioso publicado para secuestrar variables de entorno. Ha sido retirado por npm. • https://nodesecurity.io/advisories/493 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-506: Embedded Malicious Code •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16050
https://notcve.org/view.php?id=CVE-2017-16050
04 Jun 2018 — `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. "sqlite.js" era un módulo malicioso publicado para secuestrar variables de entorno. Ha sido retirado por npm. • https://nodesecurity.io/advisories/491 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-506: Embedded Malicious Code •
CVSS: 7.5EPSS: 9%CPEs: 2EXPL: 0CVE-2018-8740 – Ubuntu Security Notice USN-4205-1
https://notcve.org/view.php?id=CVE-2018-8740
17 Mar 2018 — In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. En SQLite, hasta la versión 3.22.0, las bases de datos cuyo esquema está corrompido usando una instrucción CREATE TABLE AS podrían provocar una desreferencia de puntero NULL, relacionada con build.c y prepare.c. It was discovered that SQLite incorrectly handled certain corrupted schemas. An attacker could possibly use this issue to cause a ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html • CWE-476: NULL Pointer Dereference •