flatCore SQL Injection Vulnerability
flatCore is a lightweight content management system (CMS) based on PHP and SQLite. A SQL injection vulnerability exists in flatCore CMS prior to version 2.0.0 build 139. The vulnerability stems from the program accepting input from a malicious user without properly checking the input, resulting in...
SQLite report about CVE-2021-45346
This CVE is misinformation. See the discussion around SQLite forum post 53de8864ba114bf...
SQLite report about CVE-2021-28305
This is not a bug in SQLite. The bug is in a third-party application that uses SQLite. SQLite is mentioned by name in the CVE description, however, so we have included the CVE in the list...
SQLite report about CVE-2021-31239
This is a bug in the CLI. It allows a user with unrestricted shell access to cause a denial-of-service. Of course, there are a million easier ways for a user with unrestricted shell access to cause far worse mischief. The problem was in the appendvfs extension which is not a part of standard...
SQLite report about CVE-2021-36690
This bug is not in the SQLite core library, but rather in an experimental extension that is used to implement the .expert command in the CLI. The code that contains the bug does not appear in standard SQLite builds, though it is included in the sqlite3.exe command-line tool. Applications must lin...
SQLite report about CVE-2021-20223
The problem identified by this CVE is not a vulnerability. It is a malfunction. A coding error causes FTS5 to sometimes return inconsistent and incorrect results under obscure circumstances, but no memory errors occur. details...
SQLite report about CVE-2021-20227
Malicious SQL statement causes read-after-free. No harm can come of this particular read-after-free instance, as far as anyone knows. The bug is undetectable without a memory sanitizer. The CVE claims that this bug is an RCE - a Remote Code Execution vulnerability, but that claim is incorrect. Th...
SQLite report about CVE-2021-0646
Duplicate of CVE-2020-13434...
SQLite report about CVE-2021-23404
This is not a bug in SQLite. The bug is in a third-party application that uses SQLite and includes "sqlite" in its name. This CVE is included on the list because it mentions SQLite even though the bug has nothing to do with SQLite...
CVE-2020-26273
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. In osquery before version 4.6.0, by using sqlite's ATTACH verb, someone with administrative access to osquery can cause reads and writes to arbitrary sqlite databases on disk. This does allow arbitrary...
CVE-2020-26273 sqlite ATTACH allows some filesystem access
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. In osquery before version 4.6.0, by using sqlite's ATTACH verb, someone with administrative access to osquery can cause reads and writes to arbitrary sqlite databases on disk. This does allow arbitrary...
CVE-2020-26273
Summary: CVE-2020-26273 affects osquery prior to 4.6.0. By abusing sqlite’s ATTACH verb, an administrator can read/write to arbitrary sqlite databases on disk, potentially creating new sqlite files. Existing non-sqlite files are not overwritten according to the sources. The vulnerability is mitig...
Apple SQLite Information Disclosure Vulnerability
Apple macOS is a specialized operating system developed by Apple for Mac computers. A security vulnerability exists in Apple SQLite, which allows remote attackers to exploit the vulnerability to disclose memory...
About the security content of iCloud for Windows 11.5 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
About the security content of iCloud for Windows 11.4 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
osquery Command Injection Vulnerability
osquery is a SQL-driven framework for operating system detection, monitoring and analysis. A command injection vulnerability exists in osquery versions prior to 4.6.0, which stems from the fact that by using additional predicates in sqlite, a person with osquery administrative access can read and...
The vulnerability of the zipfile() function in the SQLite database management system allows an attacker to cause a service failure or execute arbitrary code.
The vulnerability of the zipfile function in the SQLite database management system is related to the improper handling of certain ZIP archives. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...
NewStart CGSL CORE 5.05 / MAIN 5.05 : sqlite Vulnerability (NS-SA-2020-0096)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has sqlite packages installed that are affected by a vulnerability: - Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Integer Overflow
SQLite is vulnerable to integer overflow. An attacker may supply crafted changes to FTS3 shadow tables, allowing execution of arbitrary code by leveraging the ability to run arbitrary SQL statements...
NULL Pointer Dereference
SQLite is vulnerable to NULL pointer dereference. An attacker interleaving reads and writes in a single transaction with an fts5 virtual table could cause denial-of-service conditions...