
38 matches found

Cvelist
added 2025/04/07 12:0 a.m. · 13 views

CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the...

CVSS 3.2 · EPSS 0.00072
Exploits: 0 · References: 3
Vulnrichment
added 2025/04/07 12:0 a.m. · 9 views

CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the...

CVSS 3.2 · AI score 6.9 · EPSS 0.00072
Exploits: 0 · References: 3
RedhatCVE
added 2025/02/20 12:22 a.m. · 9 views

CVE-2025-25223

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained...

CVSS 5.8 · AI score 6.8 · EPSS 0.00044
Exploits: 0 · References: 1
Positive Technologies
added 2023/12/25 12:0 a.m. · 2 views

PT-2023-8333 · Sqlite +10

Name of the Vulnerable Software and Affected Versions: SQLite versions up to 3.43.0
Description: A critical issue affects the sessionReadRecord function of the file ext/session/sqlite3session.c, leading to a heap-based buffer overflow. This can be exploited by a remote attacker to impact...

CVSS 7.5 · AI score 7.6 · EPSS 0.0172
Exploits: 3 · References: 78
OSV
added 2023/08/21 9:15 a.m. · 2 views

CVE-2023-39543

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M MySQL version and LuxCal Web Calendar prior to 5.2.3L SQLite version allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product...

CVSS 6.1 · AI score 6
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 6:12 a.m. · 2 views

SUSE CVE-2007-1888

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the "in" parameter. NOTE: some PHP installations use a bundled version of sqlite...

CVSS 7.5 · AI score 8.1 · EPSS 0.04753
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 4:5 a.m. · 2 views

SUSE CVE-2019-19926

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880...

CVSS 7.5 · AI score 7.9 · EPSS 0.08338
Exploits: 0 · References: 85
SUSE CVE
added 2023/02/15 3:39 a.m. · 2 views

SUSE CVE-2021-36690

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentionally allowe...

CVSS 5.5 · AI score 7.5 · EPSS 0.0172
Exploits: 1 · References: 60
OpenVAS
added 2021/11/17 12:0 a.m. · 14 views

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2021-2740)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 · AI score 7.7 · EPSS 0.0172
Exploits: 1 · References: 2
Rosalinux
added 2021/07/02 6:9 p.m. · 39 views

Advisory ROSA-SA-2021-1975

Software: sqlite 3.7.17
OS: Cobalt 7.9
CVE-ID: CVE-2015-3717
CVE-Crit: HIGH
CVE-DESC: Multiple buffer overflows in SQLite's printf function, used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via...

CVSS 9.8 · AI score 9.3 · EPSS 0.31274
Exploits: 6
CNVD
added 2020/02/24 12:0 a.m. · 1 views

SQLite Null Pointer Dereference and Segmentation Error Vulnerability

SQLite is a self-contained, serverless, zero-configuration, transactional SQL database engine. A null pointer dereference and segmentation error vulnerability exists in isAuxiliaryVtabOperator in SQLite 3.31.1. No detailed vulnerability details are provided at this time...

CVSS 7.5 · AI score 9 · EPSS 0.00951
Exploits: 0 · References: 1
OSV
added 2019/11/27 5:15 p.m. · 1 views

ALPINE-CVE-2019-19242

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c...

CVSS 5.9 · AI score 7 · EPSS 0.002
Exploits: 0 · References: 1
OSV
added 2017/10/23 1:29 a.m. · 2 views

CVE-2017-7129

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service...

CVSS 9.8 · AI score 7.4 · EPSS 0.01729
Exploits: 0 · References: 6
CNVD
added 2017/09/26 12:0 a.m. · 2 views

SQLite buffer overflow vulnerability in multiple Apple products (CNVD-2017-32737)

Apple iOS and related products are made by Apple, a United States company. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. SQLite is a C-based open source embedded relational database management component developed by...

CVSS 9.8 · AI score 9.1 · EPSS 0.01729
Exploits: 0 · References: 1
OSV
added 2015/04/24 5:59 p.m. · 20 views

CVE-2015-3415

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by...

AI score 8.9
Exploits: 0 · References: 19
NVD
added 2015/04/24 5:59 p.m. · 33 views

CVE-2015-3414

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

CVSS 7.5 · AI score 7.9 · EPSS 0.0794
Exploits: 0 · References: 15
Prion
added 2009/04/03 6:30 p.m. · 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php...

CVSS 4.3 · AI score 6.2 · EPSS 0.00515
Exploits: 1 · References: 6 · Affected Software: 2
CVE
added 2009/04/03 6:0 p.m. · 42 views

CVE-2008-6590

LightNEasy has directory traversal flaws in version 1.2.2 (and possibly SQLite 1.2.2) where a crafted .. in the page parameter to index.php or LightNEasy.php allows remote attackers to read arbitrary files. Root cause appears to be inadequate validation of the page parameter, enabling traversal t...

CVSS 5 · AI score 7.1 · EPSS 0.03739
Exploits: 1 · References: 6 · Affected Software: 2