
12 matches found

F5 Networks
added 2024/10/10 2:40 a.m. · 52 views

K000141402: SQLite vulnerabilities CVE-2018-20506, CVE-2018-20505, CVE-2018-20346, CVE-2015-5895, CVE-2015-3717

Security Advisory Description CVE-2018-20506 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute...

10 CVSS · 8.1 AI score · 0.09683 EPSS
Exploits 2
BDU FSTEC
added 2023/09/04 12:0 a.m. · 6 views

The vulnerability of the ext/fts3/fts3.c component of the SQLite database management system allows a hacker to execute arbitrary code.

The vulnerability of the ext/fts3/fts3.c component of the SQLite database management system is related to integer overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7 CVSS · 7.5 AI score · 0.0103 EPSS
Exploits 0 · References 20 · Affected Software 15
Positive Technologies
added 2022/10/03 12:0 a.m. · 7 views

PT-2022-28264 · Libsqlite +1

Name of the Vulnerable Software and Affected Versions: sqlite3 versions 1.5.0 Description: A potential vulnerability in the FTS3 extension of libsqlite has been identified, which can be exploited by an attacker with full SQL access who can construct a corrupt database with over 2GB of FTS3 conten...

7.8 AI score
Exploits 0 · References 4
CNVD
added 2020/05/28 12:0 a.m. · 3 views

SQLite Resource Management Error Vulnerability (CNVD-2020-31117)

SQLite is a C-based open source embedded relational database management system developed by the American software developer D. Richard Hipp. The system is characterized by independence, isolation, cross-platform support and so on. A resource management error vulnerability exists in the 'snippet'...

7 CVSS · 8.3 AI score · 0.0103 EPSS
Exploits 0 · References 1
SQLite
added 2020/01/01 12:0 a.m. · 34 views

SQLite report about CVE-2020-13630

Malicious SQL statement causes a read-only use-after-free, possibly resulting in an incorrect output from the snippet SQL function of the FTS3 extension. There is no known way to exfiltrate data or crash the application using this bug. details...

7 CVSS · 7.1 AI score · 0.0103 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2019/05/10 2:33 p.m. · 32 views

Security Bulletin: Public disclosed vulnerability from SQLite CVE-2018-20346

Summary IBM Tivoli Composite Application Manager ITCAM for Transactions - Transaction Tracking has addressed the following SQLite vulnerability: SQLite could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow when the FTS3 extension is enabled. By using...

8.1 CVSS · 2.3 AI score · 0.09683 EPSS
Exploits 1 · Affected Software 1
IBM Security Bulletins
added 2019/04/26 7:50 a.m. · 31 views

Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2018-20346)

Summary SQLite could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow when the FTS3 extension is enabled. By using specially-crafted SQL statements, an attacker could exploit this vulnerability to execute Vulnerability Details CVEID: CVE-2018-20346...

8.1 CVSS · 1.9 AI score · 0.09683 EPSS
Exploits 1 · Affected Software 1
Tenable Nessus
added 2019/04/10 12:0 a.m. · 39 views

SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:0913-1)

This update for sqlite3 fixes the following issues : Security issues fixed : CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 Magellan bsc1119687. CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled bsc1131576. Note that Tenable Network Security has extract...

8.1 CVSS · 7.2 AI score · 0.09683 EPSS
Exploits 1 · References 7
OSV
added 2019/04/03 6:29 p.m. · 10 views

CVE-2018-20506

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to...

8.1 CVSS · 8.5 AI score
Exploits 0 · References 27
Prion
added 2019/04/03 6:29 p.m. · 27 views

Integer overflow

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to...

6.8 CVSS · 8.7 AI score · 0.09683 EPSS
Exploits 1 · References 27 · Affected Software 8
UbuntuCve
added 2019/04/03 12:0 a.m. · 31 views

CVE-2018-20506

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to...

8.1 CVSS · 7.4 AI score · 0.07531 EPSS
Exploits 0 · References 22
Prion
added 2018/12/21 9:29 p.m. · 24 views

Integer overflow

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL...

6.8 CVSS · 8.7 AI score · 0.09683 EPSS
Exploits 1 · References 33 · Affected Software 5