The vulnerability of the SQLite database management system’s ALTER TABLE instruction allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SQLite database management system’s ALTER TABLE command lies in the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the SQLite data initialization mechanism in Google Chrome browsers allows attackers to gain unauthorized access to confidential data.

The vulnerability of the SQLite data initialization mechanism in Google Chrome browsers is related to the disclosure of information during data processing. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to confidential data through a created...

The vulnerability of SQLite’s data processing mechanism in Google Chrome browsers allows attackers to gain unauthorized access to confidential data.

The vulnerability of SQLite data processing mechanism in Google Chrome browsers is related to reading data from buffer files beyond their allowable limits. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data through a created HTML page...

The vulnerability of the sqlite3Select function in the SQLite database management system, related to insufficient input data validation, allows attackers to trigger a service failure.

The vulnerability of the sqlite3Select function in the SQLite database management system is related to a selection error that uses the DISTINCT operator. Exploiting this vulnerability can allow an attacker to cause a service failure...

Grandstream UCM6200 Elevation of Privilege Vulnerability

The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. A security vulnerability exists in the Grandstream UCM6200 series version 1.0.20.22 and prior versions, which originates from the program storing unencrypted user passwords in a SQLite database...

CVE-2020-5723

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges...

CVE-2020-5723

CVE-2020-5723 affects Grandstream UCM62xx/UCM6200 series (firmware 1.0.20.22 and earlier). Root cause: unencrypted user passwords stored in an SQLite database, enabling an attacker to retrieve passwords and potentially gain elevated privileges. Connected documents also reference related CVE-2020-...

sqlite: Out-of-bounds read in SELECT with ON/USING clause

An out-of-bounds read vulnerability was found in the SQLite component of the Chromium browser. A remote attacker could abuse this flaw to obtain potentially sensitive information from process memory via a crafted HTML page. The highest threat from this vulnerability is to data confidentiality...

Code injection

selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error...

DEBIAN-CVE-2019-19923

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference or incorrect results...

CVE-2019-19925

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive...

Multiple SQLite, Chrome WebSQL Component Remote Code Execution Vulnerabilities

SQLite is one of the most widely used lightweight database systems.Chrome is a browser developed by Google that includes a WebSQL feature that allows SQL statements to be executed directly through the browser. This feature is powered by SQLite. A remote code execution vulnerability exists in...

DEBIAN-CVE-2019-13753

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

UBUNTU-CVE-2019-13750

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page...

UBUNTU-CVE-2019-13751

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

[SECURITY] Fedora 30 Update: sqlite-3.26.0-7.fc30

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

USN-4205-1: SQLite vulnerabilities

It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. CVE-2018-8740 It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use thi...

DEBIAN-CVE-2019-19244

sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage...

The vulnerabilities of the ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c components of the SQLite database management system allow a hacker to cause a service failure.

The vulnerability of the ext/fts5/fts5hash.c and ext/fts5/fts5index.c components of the SQLite database management system is related to the use of a null pointer dereferencing. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the fts5HashEntrySort function in the sqlite3.c file of the SQLite database management system allows a hacker to disclose protected information.

The vulnerability of the fts5HashEntrySort function in the sqlite3.c file of the SQLite database management system is related to a read operation that goes beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to disclose sensitive information that is protected by thi...