Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in the database “find-by-cameraId” functionality of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on...

Samsung SmartThings Hub video-core Database clips Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core’s HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the fields from the “clips” table of its SQLite database, leading to a buffer overflow on...

Photon OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)

An update of 'mercurial', 'python2', 'zsh', 'pycrypto', 'patch', 'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux', 'net-snmp', 'python3', 'sqlite' packages of Photon OS has been released. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and...

@fto-consult/electron (>=1.0.0 <=1.0.43), @fto-consult/electron-gen (>=1.1.0 <=3.0.0) +2 more potentially affected by CVE-2017-16048 via node-sqlite (=0.0.2-security)

node-sqlite NPM version =0.0.2-security is affected by a known vulnerability. The following packages have a transitive dependency on node-sqlite and may be impacted: - @fto-consult/electron =1.0.0, =1.1.0, =7.6.1, =1.0.1, =1.1.6 Source cves: CVE-2017-16048 Source advisory: OSV:GHSA-X52F-H74P-9JH8...

node-sqlite is malware

The node-sqlite package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

FreeBSD : SQLite -- Corrupt DB can cause a NULL pointer dereference (c1630aa3-7970-11e8-8634-dcfe074bd614)

MITRE reports : SQLite databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...

CVE-2018-7774

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter...

Sql injection

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...

Sql injection

The vulnerability exists within processing of trackgetdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter...

Sql injection

The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter...

Sql injection

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter...

Sql injection

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter...

CVE-2018-7773

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter...

Sql injection

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter...

CVE-2018-7766

The vulnerability exists within processing of trackgetdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter...

CVE-2018-7765

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...

CVE-2018-7767

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter...

CVE-2018-7769

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter...

Sql injection

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter...

Sql injection

The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter...