24 matches found
RLSA-2021:1968 Moderate: mingw packages security and bug fix update
MinGW is a free and open source software development environment to create Microsoft Windows applications. The following packages have been upgraded to a later upstream version: mingw-sqlite 3.26.0.0. BZ1845475 Security Fixes: sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c...
SQLite before 3.25.3 when the FTS3 extension is enabled encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
...
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables related to alter.c and build.c.
...
SUSE CVE-2018-20346
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL...
SUSE CVE-2018-20506
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to...
SUSE CVE-2020-13631
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c...
RHEL 8 : sqlite (RHSA-2021:4396)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4396 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a singl...
CentOS 8 : sqlite (CESA-2021:4396)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4396 advisory. - sqlite: dropping of shadow tables not restricted in defensive mode CVE-2019-13750 - sqlite: fts3: improve detection of corrupted records CVE-2019-137...
sqlite: dropping of shadow tables not restricted in defensive mode
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page...
Moderate: Red Hat Security Advisory: sqlite security update
An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
ALSA-2021:4396 Moderate: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
sqlite security update
An update is available for sqlite. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list SQLite is a C library that implements an SQL database engine. A large subset o...
RLSA-2021:4396 Moderate: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
Moderate: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
Integer Overflow
SQLite is vulnerable to integer overflow. An attacker may supply a crafted changes to FTS3 shadow tables, allowing execution arbitrary code by leveraging the ability to run arbitrary SQL statements...
USN-4298-2 sqlite3 vulnerabilities
USN-4298-1 fixed several vulnerabilities in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a...
CVE-2020-13631
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c...
UBUNTU-CVE-2020-13631
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c...
USN-4298-1 sqlite3 vulnerabilities
It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2019-13734, CVE-2019-13750, CVE-2019-13753 It was discovered that SQLite incorrectly handle...
sqlite: dropping of shadow tables not restricted in defensive mode
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page...