650 matches found
Privilege Escalation
sqlite3 is vulnerable to privilege escalation. The vulnerability arises from a problem in handling sub-queries that have both a correlated WHERE clause and a HAVING 0 clause where the parent query is itself an aggregate...
Sarenka - OSINT Tool - Data From Services Like Shodan, Censys Etc. In One Place
SARENKA is an Open Source Intelligence (OSINT) tool which helps you obtain and understand your attack surface. The main goal is to gather information from search engines for Internet-connected devices (https://censys.io/, https://www.shodan.io/). It scrapes data about Common Vulnerabilities and...
[SECURITY] [DLA 2340-2] sqlite3 regression update
Debian LTS Advisory DLA-2340-2 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez December 10, 2020 https://wiki.debian.org/LTS Package : sqlite3 Version : 3.16.2-5+deb9u3 CVE ID : CVE-2019-20218 The update of sqlite3 released as DLA-2340-1 contained an incomplete...
DLA-2340-2 sqlite3 - regression update
Bulletin has no description...
Information Disclosure
SQLite is vulnerable to information disclosure. An attacker could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c leading to a disclosure of sensitive information...
Use-After-Free
sqlite3 is vulnerable to use-after-free. The vulnerability exists in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...
Dnxfirewall - A Pure Python Next Generation Firewall Built On Top Of Linux Kernel/Netfilter
DNX Firewall is an optimized/high performance collection of applications or services to convert a standard Linux system into a zone-based next generation firewall. All software is designed to run in conjunction with each other, but with a modular design certain aspects can be completely removed wi...
Denial Of Service (DoS)
sqlite3 is vulnerable to denial of service (DoS). The vulnerability exists as the WITH stack continues to unwind even after a parsing error in selectExpander in select.c...
GHSA-MF7C-58Q5-7V65 Downloads Resources over HTTP in npm-test-sqlite3-trunk
Affected versions of npm-test-sqlite3-trunk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...
Downloads Resources over HTTP in npm-test-sqlite3-trunk
Affected versions of npm-test-sqlite3-trunk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...
Mihari - A Helper To Run OSINT Queries & Manage Results Continuously
Mihari is a helper to run queries & manage results continuously. Mihari can be used for C2, landing page and phishing hunting. How it works: Mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts (IP addresses, domains, URLs and hashes) from the results...
sqlite3:ossfuzz: Use-of-uninitialized-value in sqlite3Atoi64
Detailed Report: https://oss-fuzz.com/testcase?key=5200300586303488 Project: sqlite3 Fuzzing Engine: libFuzzer Fuzz Target: ossfuzz Job Type: libfuzzermsansqlite3 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: sqlite3Atoi64 computeNumericType numericType...
Debian DLA-2340-2 : sqlite3 regression update
The update of sqlite3 released as DLA-2340-1 contained an incomplete fix for CVE-2019-20218. Updated sqlite3 packages are now available to correct this issue. For Debian 9 stretch, this problem has been fixed in version 3.16.2-5+deb9u3. We recommend that you upgrade your sqlite3 packages. For the...
Debian: Security Advisory (DLA-2340-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2340-1] sqlite3 security update
Debian LTS Advisory DLA-2340-1 [email protected] https://www.debian.org/lts/security/ August 22, 2020 https://wiki.debian.org/LTS Package : sqlite3 Version : 3.16.2-5+deb9u2 CVE ID : CVE-2018-8740 CVE-2018-20346 CVE-2018-20506 CVE-2019-5827 CVE-2019-9936 CVE-2019-9937 CVE-2019-16168...
DLA-2340-1 sqlite3 - security update
Bulletin has no description...
FreeBSD-SA-20:22.sqlite
FreeBSD-SA-20:22.sqlite Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in sqlite3 Category: contrib Module: sqlite3 Announced: 2020-08-05 Affects:...
sqlite3:ossfuzz: Use-of-uninitialized-value in sqlite3Atoi64
Detailed Report: https://oss-fuzz.com/testcase?key=4899130430980096 Project: sqlite3 Fuzzing Engine: libFuzzer Fuzz Target: ossfuzz Job Type: libfuzzermsansqlite3 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: sqlite3Atoi64 computeNumericType numericType...
sqlite3:ossfuzz: Heap-buffer-overflow in whereLoopAddBtreeIndex
Detailed Report: https://oss-fuzz.com/testcase?key=6503337062301696 Project: sqlite3 Fuzzing Engine: honggfuzz Fuzz Target: ossfuzz Job Type: honggfuzzasansqlite3 Platform Id: linux Crash Type: Heap-buffer-overflow READ 2 Crash Address: 0x60f0000003b8 Crash State: whereLoopAddBtreeIndex...
FreeBSD : several security issues in sqlite3 (c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3)
sqlite3 update: Various security issues could be used by an attacker to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. - CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed...