Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.0.2)
The version of AHV installed on the remote host is prior to AHV-10.3.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.0.2 advisory. - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the...
Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Summary: Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images. Vulnerability Details: CVEID: CVE-2025-32415. DESCRIPTION: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploi...
Malicious code in antd-cressida-gulp-sqlite (npm)
The package antd-cressida-gulp-sqlite was found to contain malicious code...
Malicious code in buffer-sqlite-titan-subscription (npm)
The package buffer-sqlite-titan-subscription was found to contain malicious code...
Malicious code in toml-superposition-barnard-sqlite (npm)
The package toml-superposition-barnard-sqlite was found to contain malicious code...
Malicious code in transport-thermochronology-achernar-sqlite (npm)
The package transport-thermochronology-achernar-sqlite was found to contain malicious code...
MAL-2025-43673 Malicious code in buffer-sqlite-titan-subscription (npm)
The package buffer-sqlite-titan-subscription was found to contain malicious code...
MAL-2025-43453 Malicious code in antd-cressida-gulp-sqlite (npm)
The package antd-cressida-gulp-sqlite was found to contain malicious code...
MAL-2025-46363 Malicious code in toml-superposition-barnard-sqlite (npm)
The package toml-superposition-barnard-sqlite was found to contain malicious code...
MAL-2025-46374 Malicious code in transport-thermochronology-achernar-sqlite (npm)
The package transport-thermochronology-achernar-sqlite was found to contain malicious code...
OESA-2025-2160 sqlite security update
SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications...
OESA-2025-2161 sqlite security update
SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications...
CVE-2025-57806
Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page...
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
...
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.
...
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
...
Medium: rust
Issue Overview: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. CVE-2025-6965 Affected Packages: rust...
Amazon Linux 2 : rust, --advisory ALAS2-2025-2978 (ALAS-2025-2978)
The version of rust installed on the remote host is prior to 1.86.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2978 advisory. There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns...
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
...
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
...