CVSS: 8.1EPSS: 17%CPEs: 6EXPL: 2CVE-2018-20346 – Apple Security Advisory 2019-1-22-3
https://notcve.org/view.php?id=CVE-2018-20346
21 Dec 2018 — SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. SQLite anterior a la versión 3.25.3, cuando la extensión FTS3 está habilitada, encuentra un desbordamiento de enteros (y el desbordamiento del búfer result... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 9%CPEs: 2EXPL: 0CVE-2018-8740 – Ubuntu Security Notice USN-4205-1
https://notcve.org/view.php?id=CVE-2018-8740
17 Mar 2018 — In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. En SQLite, hasta la versión 3.22.0, las bases de datos cuyo esquema está corrompido usando una instrucción CREATE TABLE AS podrían provocar una desreferencia de puntero NULL, relacionada con build.c y prepare.c. It was discovered that SQLite incorrectly handled certain corrupted schemas. An attacker could possibly use this issue to cause a ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15286
https://notcve.org/view.php?id=CVE-2017-15286
12 Oct 2017 — SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. SQLite 3.20.1 tiene una desreferencia de puntero NULL en tableColumnList en shell.c porque ignora determinados casos en donde `sqlite3_step(pStmt)==SQLITE_ROW es falso y una estructura de datos nunca se inicializa. • http://www.securityfocus.com/bid/101285 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13685 – Ubuntu Security Notice USN-4019-2
https://notcve.org/view.php?id=CVE-2017-13685
29 Aug 2017 — The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. La función dump_callback en SQLite 3.20.0 permite que atacantes remotos provoquen una denegación de servicio (EXC_BAD_ACCESS y fallo de aplicación) mediante un archivo manipulado. It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issu... • http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 0CVE-2017-10989 – Ubuntu Security Notice USN-4019-2
https://notcve.org/view.php?id=CVE-2017-10989
07 Jul 2017 — The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. La función getNodeSize en ext/rtree/rtree.c en SQLite, hasta la versión 3.19.3, como se utiliza en GDAL y otros productos, gestiona de manera incorrecta los blobs RTree que tienen un tamaño demasiado pequeño en una base de datos manipulada, lo que da lugar a una sobre... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6153 – Ubuntu Security Notice USN-4019-2
https://notcve.org/view.php?id=CVE-2016-6153
26 Sep 2016 — os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. os_unix.c en SQLite en versiones anteriores a 3.13.0 no implementa correctamente el algoritmo de búsqueda de directorio temporal, lo que podría permitir a usuarios locales obtener información sensibl... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6607 – Apple Security Advisory 2017-03-22-2
https://notcve.org/view.php?id=CVE-2015-6607
06 Oct 2015 — SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. SQLite en versiones anterioers a 3.8.9, tal como se utiliza en Android en versiones anteriores a 5.1.1 LMY48T, permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 20099586. This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerabi... • http://www.securityfocus.com/bid/76970 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 20%CPEs: 2EXPL: 1CVE-2015-5895 – SQLite3 3.8.6 - Controlled Memory Corruption (PoC)
https://notcve.org/view.php?id=CVE-2015-5895
18 Sep 2015 — Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en SQLite en versiones anteriores a 3.8.10.2, tal como se utiliza en Apple iOS en versiones anteriores a 9, tiene un impacto y vectores de ataque desconocidos. iOS 9 is now available and addresses denial of service, information disclosure, and various other issues. • https://www.exploit-db.com/exploits/36190 •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 2CVE-2013-7443 – Apple Security Advisory 2017-03-22-2
https://notcve.org/view.php?id=CVE-2013-7443
03 Aug 2015 — Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. Desbordamiento de buffer en la optimización skip-scan en SQLite 3.8.2, permite a atacantes remotos provocar una denegación de servicio (caída) a través de sentencias SQL manipuladas. It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of s... • http://ubuntu.com/usn/usn-2698-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-3717 – SQLite printf Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3717
01 Jul 2015 — Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Múltiples desbordamientos de buffer en la funcionalidad printf en SQLite, utilizado en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4, permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de ve... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •