SUSE SLED15 / SLES15 Security Update : sqlite3 (SUSE-SU-2019:0788-1)

This update for sqlite3 to version 3.27.2 fixes the following issue : Security issue fixed : CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 Magellan bsc1119687. Release notes: https://www.sqlite.org/releaselog/3272.html Note that Tenable Network Security has extracted the...

SUSE-SU-2019:0788-1 Security update for sqlite3

This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 Magellan bsc1119687. Release notes: https://www.sqlite.org/releaselog/3272.html...

CVE-2019-9936

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5hash.c...

sqlite3/ossfuzz: Use-of-uninitialized-value in accessPayload

Detailed report: https://oss-fuzz.com/testcase?key=5649176925306880 Project: sqlite3 Fuzzer: libFuzzersqlite3ossfuzz Fuzz target binary: ossfuzz Job Type: libfuzzermsansqlite3 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: accessPayload vdbeMemFromBtreeResiz...

ZRECore 1.3.1 Database Configuration Disclosure

Exploit Title : ZRECore 1.3.1 Database Config Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 14/02/2019 Vendor Homepage : zend.com Software Download Link : github.com/zrecore/ZRECore/archive/master.zip Software Information Link :...

Fedora 28 : php (2019-a6511b0eed)

PHP version 7.2.14 10 Jan 2019 Core: - Fixed bug php77369 memcpy with negative length via crafted DNS response. Stas - Fixed bug php71041 zendsignalstartup needs ZENDAPI. Valentin V. Bartenev - Fixed bug php76046 PHP generates 'FEFREE' opcode on the wrong line. Nikita Date: - Fixed bug php77097...

Fedora 29 : php (2019-aa6036fcb3)

PHP version 7.2.14 10 Jan 2019 Core: - Fixed bug php77369 memcpy with negative length via crafted DNS response. Stas - Fixed bug php71041 zendsignalstartup needs ZENDAPI. Valentin V. Bartenev - Fixed bug php76046 PHP generates 'FEFREE' opcode on the wrong line. Nikita Date: - Fixed bug php77097...

Debian DLA-1633-1 : sqlite3 security update

Several flaws were corrected in SQLite, a SQL database engine. CVE-2017-2518 A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement. CVE-2017-2519 Insufficient size of the reference count on Table objects could lead to a denial of...

[SECURITY] [DLA 1633-1] sqlite3 security update

Package : sqlite3 Version : 3.8.7.1-1+deb8u4 CVE ID : CVE-2017-2518 CVE-2017-2519 CVE-2017-2520 CVE-2017-10989 CVE-2018-8740 Debian Bug : 867618 893195 Several flaws were corrected in SQLite, an SQL database engine. CVE-2017-2518 A use-after-free bug in the query optimizer may cause a buffer...

DLA-1633-1 sqlite3 - security update

Bulletin has no description...

Updated sqlite3 packages fix security vulnerability

A security issue fixed upstream in sqlite3 has been announced: https://www.openwall.com/lists/oss-security/2018/12/21/1 The issue is fixed in 3.25.3...

MGASA-2018-0489 Updated sqlite3 packages fix security vulnerability

A security issue fixed upstream in sqlite3 has been announced: https://www.openwall.com/lists/oss-security/2018/12/21/1 The issue is fixed in 3.25.3...

UBUNTU-CVE-2018-17197

A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika...

Debian DLA-1613-1 : sqlite3 security update

Security experts at Tencents Blade security team have discovered a critical vulnerability in SQLite database software nicknamed 'Magellan'. The 'Magellan' remote code execution vulnerability has now been fixed by adding extra defenses against strategically corrupt databases to fts3/4. For Debian ...

[SECURITY] [DLA 1613-1] sqlite3 security update

Package : sqlite3 Version : 3.8.7.1-1+deb8u3 CVE ID : CVE-2018-20346 Security experts at Tencent’s Blade security team have discovered a critical vulnerability in SQLite database software nicknamed "Magellan". The "Magellan" remote code execution vulnerability has now been fixed by adding extra...

DLA-1613-1 sqlite3 - security update

Bulletin has no description...

Google Chrome 70 - SQLite Magellan Crash (PoC)

This proof-of-concept crashes the Chrome renderer process using Tencent Blade Team's Magellan SQLite3 bug. It's based on a SQLite test case from the commit that fixed the bug. If you're using Chrome 70 or below, tap the button below to crash this page: Crash this page Your browser's user agent is...

Quicken Deluxe 2018 for Mac Information Disclosure Vulnerability

Quicken Deluxe 2018 for Mac is a suite of personal finance software for the Mac-based platform from the US-based Quicken. An information disclosure vulnerability exists in the password protection feature in Quicken Deluxe 2018 for Mac version 5.2.2, which can be exploited by an attacker who sends...

CVE-2018-3854

An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowin...

CVE-2018-3854

An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowin...