SQLite Resource Management Error Vulnerability
SQLite is a lightweight, ACID-compliant relational database management system. SQLite suffers from a resource management error vulnerability that stems from SQLite incorrectly handling certain subqueries. An attacker could exploit this issue to caus...
Ubuntu 20.10 : SQLite vulnerability (USN-4732-1)
The remote Ubuntu 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4732-1 advisory. SQLite could be made to crash or run programs if it processed a specially crafted query. Tenable has extracted the preceding description block directly from the Ubunt...
In SQLite before 3.32.3 select.c mishandles query-flattener optimization leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
...
CVE-2021-20227
A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...
Apple Mac OS X Security Updates (HT212147)-04
Apple Mac OS X is prone to multiple vulnerabilities.
CentOS 8 : sqlite (CESA-2020:1810)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1810 advisory. - sqlite: fts3: improve shadow table corruption detection CVE-2019-13752 - sqlite: fts3: incorrectly removed corruption check CVE-2019-13753 - sqlite:...
CentOS 8 : sqlite (CESA-2020:0273)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:0273 advisory. - sqlite: fts3: improve shadow table corruption detection CVE-2019-13734 Note that Nessus has not tested for this issue but has instead relied only on the...
CentOS 8 : sqlite (CESA-2020:4442)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4442 advisory. - sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c CVE-2019-16168 - sqlite: selectExpander in select.c proceeds with WITH stack unwindin...
PT-2021-2226 · Sqlite +3
Name of the Vulnerable Software and Affected Versions: SQLite affected versions not specified Description: A flaw was found in SQLite's SELECT query functionality, specifically in the src/select.c file. This issue allows an attacker capable of running SQL queries locally on the SQLite database to...
flatCore CMS Cross-Site Scripting Vulnerability
flatCore is a lightweight content management system (CMS) based on PHP and SQLite. A cross-site scripting vulnerability exists in flatCore CMS prior to version 2.0.0 build 139, which stems from the program accepting malicious client-side scripts and failing to properly detect them, which can be...
[SECURITY] Fedora 33 Update: coturn-4.5.2-1.fc33
The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relayin...
[SECURITY] Fedora 32 Update: coturn-4.5.2-1.fc32
The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relayin...
Fedora: Security Advisory for coturn (FEDORA-2021-32d0068851)
The remote host is missing an update for the...
flatCore SQL Injection Vulnerability (CNVD-2021-03255)
flatCore is a lightweight content management system (CMS) based on PHP and SQLite. A SQL injection vulnerability exists in flatCore CMS prior to version 2.0.0 build 139. The vulnerability stems from the program accepting input from a malicious user without properly detecting the input, resulting in...
Security Bulletin: IBM MaaS360 Cloud Extender has security vulnerabilities (CVE-2020-1155, CVE-2020-1156)
Summary A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender Vulnerability Details CVEID: CVE-2020-11656 DESCRIPTION: SQLite could allow a remote attacker to obtain sensitive information, caused by a use-after-free in the ALTER TABLE implementation. By sending a special...
Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-9327)
Summary A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender Vulnerability Details CVEID: CVE-2020-9327 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a NULL pointer dereference in isAuxiliaryVtabOperator. By generating column optimization, a remote...
[SECURITY] Fedora 33 Update: roundcubemail-1.4.10-1.fc33
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[SECURITY] Fedora 32 Update: roundcubemail-1.4.10-1.fc32
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
flatCore CMS XSS / File Disclosure / SQL Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: flatCore CMS vulnerable version: 2.0.0 Build 139 fixed version: Release 2.0.0 Build 139 CVE number: CVE-2021-23835, CVE-2021-23836,...