Design/Logic Flaw
The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...
CVE-2022-21227
The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...
CVE-2022-21227 Denial of Service (DoS)
The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...
CVE-2022-21227
CVE-2022-21227 affects the sqlite3 package prior to 5.0.3. The vulnerability is a Denial of Service caused by improper input handling in toString, where passing a crafted Function object can cause the V8 engine to crash. Public documents consistently describe this DoS vector and note the affected...
CVE-2022-21227
The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...
Denial Of Service (DoS)
sqlite3 is vulnerable to denial of service. The vulnerability exists because the library does not properly verify the ToString function's return values in statement.cc before casting to the utf-8 encoding, allowing an attacker to crash the application by providing invalid parameters...
Denial-of-Service when binding invalid parameters in sqlite3
Affected versions of sqlite3 will experience a fatal error when supplying a specific object in the parameter array. This error causes the application to crash and could not be caught. Users of sqlite3 v5.0.0, v5.0.1 and v5.0.2 are affected by this. This issue is fixed in v5.0.3. All users are...
7ghost (>=4.11.0 <=4.11.46), 90crew-sqlite-async (=0.0.4) +216 more potentially affected by CVE-2022-21227 via sqlite3 (>=5.0.0 <=5.0.2)
sqlite3 NPM version =5.0.0, =4.11.0, =0.1.0, =1.1.0, =12.1.0-alpha.6, =2.0.11, =0.2.5, =0.1.3-alpha.0, =0.1.19-alpha.0, =0.1.11-alpha.0, =0.1.3-alpha.0, =7.0.0, =7.3.8 and more Source cves: CVE-2022-21227 Source advisory: OSV:GHSA-9QRH-QJMC-5W2P...
GHSA-9QRH-QJMC-5W2P Denial-of-Service when binding invalid parameters in sqlite3
Affected versions of sqlite3 will experience a fatal error when supplying a specific object in the parameter array. This error causes the application to crash and could not be caught. Users of sqlite3 v5.0.0, v5.0.1 and v5.0.2 are affected by this. This issue is fixed in v5.0.3. All users are...
OPENSUSE-SU-2022:0953-1 Security update for perl-DBD-SQLite
This update for perl-DBD-SQLite fixes the following issues: - updated to 1.66 - Use external sqlite3 library rather than internal code. bsc1195771...
SUSE-SU-2022:0953-1 Security update for perl-DBD-SQLite
This update for perl-DBD-SQLite fixes the following issues: - updated to 1.66 - Use external sqlite3 library rather than internal code. bsc1195771...
Security update for perl-DBD-SQLite (moderate)
openSUSE Security Update: Security update for perl-DBD-SQLite Announcement ID: openSUSE-SU-2022:0953-1 Rating: moderate References: 1195771 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 An update that contains security fixes can now be installed. Description: This update for...
FreeTAKServer-UI SQL Injection Vulnerability
FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam team. FreeTAKServer-UI is vulnerable to SQL injection, which stems from the API endpoint /AuthenticateUser containing SQL injection into the SQLite3 database, which can be exploited by an attacker to obtain the database All...
Memory corruption
DISPUTED A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user...
CVE-2021-45346
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain...
7ghost (>=4.11.0 <=4.11.46), 90crew-sqlite-async (=0.0.4) +216 more potentially affected by CVE-2022-21227 via sqlite3 (>=5.0.0 <=5.0.2)
sqlite3 NPM version =5.0.0, =4.11.0, =0.1.0, =1.1.0, =12.1.0-alpha.6, =2.0.11, =0.2.5, =0.1.3-alpha.0, =0.1.19-alpha.0, =0.1.11-alpha.0, =0.1.3-alpha.0, =7.0.0, =7.3.8 and more Source cves: CVE-2022-21227 Source advisory: SNYK:JS-SQLITE3-2388645...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. PoC (js): let sqlite3 = require('sqlite3').verbose(); let db = new...
Shlayer and Bundlore MacOS Malware Strains – How Uptycs EDR Detection Can Help
Adware strains Shlayer and Bundlore are the most common malware in macOS – although they have slight variations, they have long invaded and bypassed Xprotect, Notarization, Gatekeeper, and File Quarantine, all security features pre-built into macOS. The Uptycs threat research team has tracked the...
Mageia: Security Advisory (MGASA-2018-0393)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2017-0081)
The remote host is missing an update for the...