Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered

Summary Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records Details After wings sends activity logs to the panel it deletes the processed activity entries from t...

MiracleLinux 8 : sqlite-3.26.0-13.el8 (AXSA:2021-1806:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1806:01 advisory. sqlite: integer overflow in sqlite3strvappendf function in printf.c CVE-2020-13434 sqlite: heap-based buffer overflow in multiSelectOrderBy due to...

MiracleLinux 7 : sqlite-3.7.17-8.el7.1 (AXSA:2020-047:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-047:01 advisory. Fixes for CVE-2019-13734 CVE-2019-13734 Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit...

MiracleLinux 8 : sqlite-3.26.0-19.el8_9 (AXSA:2024-7420:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7420:01 advisory. sqlite: heap-buffer-overflow at sessionfuzz CVE-2023-7104 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : sqlite-3.26.0-15.el8 (AXSA:2021-2598:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2598:02 advisory. sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces CVE-2019-5827 sqlite: dropping of shadow tables not restricted in...

MiracleLinux 9 : sqlite-3.34.1-6.el9 (AXSA:2023-4888:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4888:02 advisory. sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API CVE-2022-35737 Tenable has extracted the preceding description...

MiracleLinux 8 : sqlite-3.26.0-18.el8 (AXSA:2023-6185:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6185:03 advisory. sqlite: Crash due to misuse of window functions. CVE-2020-24736 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : sqlite-3.26.0-16.el8 (AXSA:2022-3931:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3931:01 advisory. sqlite: Out of bounds access during table rename CVE-2020-35527 sqlite: Null pointer derreference in src/select.c CVE-2020-35525 Tenable has extract...

MiracleLinux 8 : sqlite-3.26.0-17.el8 (AXSA:2023-4779:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4779:01 advisory. sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API CVE-2022-35737 Tenable has extracted the preceding description...

MiracleLinux 9 : sqlite-3.34.1-7.el9_3 (AXSA:2024-7480:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7480:02 advisory. sqlite: heap-buffer-overflow at sessionfuzz CVE-2023-7104 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : sqlite-3.26.0-6.el8 (AXSA:2020-328:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-328:02 advisory. sqlite: heap out-of-bound read in function rtreenode CVE-2019-8457 sqlite: fts3: improve shadow table corruption detection CVE-2019-13752 sqlite: fts...

MiracleLinux 8 : sqlite-3.26.0-11.el8 (AXSA:2020-1005:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-1005:03 advisory. sqlite: Use-after-free in window function leading to remote code execution CVE-2019-5018 sqlite: Division by zero in whereLoopAddBtreeIndex in...

CVE-2026-21696 Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

CVE-2026-21696 Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

CVE-2026-21696

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

CVE-2026-21696

Wings (Pterodactyl) security issue CVE-2026-21696 affects version 1.7.0 through before 1.12.0. The bug arises from not honoring SQLite’s max parameter limit (32766) when deleting activity log entries, causing a query to fail with “too many SQL variables.” As a result, processed activity entries a...

CVE-2026-21696 Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

CVE-2026-23838

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...

CVE-2026-23838 Tandoor Recipes module allows SQLite database to be externally accessible with the default settings

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...

CVE-2026-23838

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...