
650 matches found

OSV
added 2025/02/07 10:47 p.m. | 9 views

GO-2025-3456 WhoDB has a path traversal opening Sqlite3 database in github.com/clidey/whodb/core

WhoDB has a path traversal opening Sqlite3 database in github.com/clidey/whodb/core...

CVSS: 10 | AI score: 9.4 | EPSS: 0.51816
Exploits: 1 | References: 5

OSV
added 2025/02/06 7:58 p.m. | 11 views

GHSA-9R4C-JWX3-3J76 WhoDB has a path traversal opening Sqlite3 database

Summary While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on. Details WhoDB allows use...

CVSS: 10 | AI score: 9.3 | EPSS: 0.51816
Exploits: 1 | References: 6

Github Security Blog
added 2025/02/06 7:58 p.m. | 23 views

WhoDB has a path traversal opening Sqlite3 database

Summary While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on. Details WhoDB allows use...

CVSS: 10 | AI score: 6.8 | EPSS: 0.51816
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2025/02/06 7:15 p.m. | 14 views

CVE-2025-24786

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

CVSS: 10 | EPSS: 0.51816
Exploits: 1 | References: 3

Cvelist
added 2025/02/06 6:41 p.m. | 20 views

CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

CVSS: 10 | EPSS: 0.51816
Exploits: 1 | References: 3

CVE
added 2025/02/06 6:41 p.m. | 109 views

CVE-2025-24786

WhoDB (CVE-2025-24786) contains a path-traversal vulnerability in the SQLite3 access logic. The app exposes databases that may be opened via a user-supplied filename, constructing a path with a default directory (/db or ./tmp in dev) and using .Join() without validating that the path stays within...

CVSS: 10 | AI score: 9.5 | EPSS: 0.51816
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/02/06 6:41 p.m. | 11 views

CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

CVSS: 10 | AI score: 9.5 | EPSS: 0.51816
Exploits: 1 | References: 3

RedhatCVE
added 2025/02/06 1:46 a.m. | 5 views

CVE-2022-43441

A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.06854
Exploits: 1 | References: 1

Fedora
added 2025/02/03 1:32 a.m. | 9 views

[SECURITY] Fedora 40 Update: buku-4.9-1.fc40

Buku is a powerful bookmark manager written in Python3 and SQLite3. Buku fetches the title of a bookmarked web page and stores it along with any additional comments and tags. You can use your favourite editor to compose and update bookmarks. With multiple search options, including regex and a dee...

CVSS: 8.8 | AI score: 9 | EPSS: 0.09875
Exploits: 0

0day.today
added 2024/11/06 12:0 a.m. | 292 views

SQLite3 generate_series Stack Buffer Underflow Vulnerability

SQLite3 suffers from a stack buffer underflow condition in seriesBestIndex in the generateseries extension. Vulnerability details static int seriesBestIndex sqlite3vtab pVTab, sqlite3indexinfo pIdxInfo int i, j; / Loop over constraints / int idxNum = 0; / The query plan bitmask / ifndef...

AI score: 7.5
Exploits: 0

Packet Storm
added 2024/11/04 12:0 a.m. | 351 views

SQLite3 generate_series Stack Buffer Underflow

Vulnerability details static int seriesBestIndex sqlite3vtab pVTab, sqlite3indexinfo pIdxInfo int i, j; / Loop over constraints / int idxNum = 0; / The query plan bitmask / ifndef ZEROARGUMENTGENERATESERIES int bStartSeen = 0; / EQ constraint seen on the START column / endif int unusableMask = 0;...

AI score: 7.4
Exploits: 0

OpenVAS
added 2024/10/01 12:0 a.m. | 9 views

Debian: Security Advisory (DLA-3907-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.0172
Exploits: 2 | References: 2

Debian
added 2024/09/30 8:59 p.m. | 8 views

[SECURITY] [DLA 3907-1] sqlite3 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3907-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 30, 2024 https://wiki.debian.org/LTS -...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.0172
Exploits: 2

Tenable Nessus
added 2024/09/30 12:0 a.m. | 13 views

Debian dla-3907 : lemon - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3907 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3907-1 [email protected]...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.0172
Exploits: 2 | References: 6

OSV
added 2024/09/30 12:0 a.m. | 7 views

DLA-3907-1 sqlite3 - security update

Bulletin has no description...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.0172
Exploits: 2

IBM Security Bulletins
added 2024/08/05 8:42 p.m. | 22 views

Security Bulletin: IBM Storage Ceph is vulnerable to the Improper Restriction of Operations within the Bounds of a Memory Buffer in the RHEL UBI (CVE-2023-7104)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-7104. Vulnerability Details CVEID:CVE-2023-7104 DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow,...

CVSS: 7.3 | AI score: 7.3 | EPSS: 0.00133
Exploits: 1 | Affected Software: 1

OSV
added 2024/07/12 1:1 p.m. | 16 views

SUSE-SU-2024:2429-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow bsc1210660...

CVSS: 8.8 | AI score: 9.3 | EPSS: 0.00337
Exploits: 0 | References: 3

OpenVAS
added 2024/06/28 12:0 a.m. | 27 views

Ubuntu: Security Advisory (USN-5615-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00253
Exploits: 0 | References: 2

OpenVAS
added 2024/06/27 12:0 a.m. | 10 views

Ubuntu: Security Advisory (USN-6566-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.3 | AI score: 6.2 | EPSS: 0.00133
Exploits: 1 | References: 2

Ubuntu
added 2024/06/26 7:45 p.m. | 372 views

USN-6566-2: SQLite vulnerability

USN-6566-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2023-7104 for Ubuntu 18.04 LTS. Original advisory details: It was discovered that SQLite incorrectly handled certain memory operations in the sessions extension. A remote attacker could possibly...

CVSS: 7.3 | AI score: 6.4 | EPSS: 0.00133
Exploits: 1