Ubuntu: Security Advisory (USN-4205-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:3050-1)

This update for sqlite3 fixes the following issues : CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement bsc1155787. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...

Sql injection

sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage...

SUSE-SU-2019:14227-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement bsc1155787...

SUSE-SU-2019:3050-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement bsc1155787...

CVE-2019-2195

In tokenize of sqlite3android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2019-2195

In tokenize of sqlite3android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2019-2195

The CVE-2019-2195 issue affects Android, described as an input-validation flaw in tokenize of sqlite3_android.cpp that allows an attacker-controlled INSERT statement. This leads to local elevation of privilege with no additional execution privileges required and no user interaction needed. Produc...

Smartweares HOME easy Authentication Bypass Vulnerability

Smartweares HOME easy is prone to an authentication bypass vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

Android Gather Dump Password Hashes for Android Systems

Post Module to dump the password hashes for Android System. Root is required. To perform this operation, two things are needed. First, a password.key file is required as this contains the hash but no salt. Next, a sqlite3 database is needed with supporting files to pull the salt from. Combined,...

Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass

Exploit Title: Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Author: LiquidWorm Date: 2019-11-05 Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5540 Advisory URL:...

Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass

Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Exploit Title: Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Author: LiquidWorm Date: 2019-11-05 Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5540...

Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Author: LiquidWorm Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5540 Advisory URL:...

Smartwares HOME Easy 1.0.9 Authentication Bypass

Smartwares HOME easy v1.0.9 Client-Side Authentication Bypass Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Summary: Home Easy/Smartwares are a range of products designed to remotely control your home using wireless technology. Home Easy/Smartwares is ver...

Smartwares HOME easy v1.0.9 Client-Side Authentication Bypass

Summary Home Easy/Smartwares are a range of products designed to remotely control your home using wireless technology. Home Easy/Smartwares is very simple to set up and allows you to operate your electrical equipment like lighting, appliances, heating etc. Description HOME easy suffers from...

sqlite3:ossfuzz: Heap-use-after-free in sqlite3VdbeAddFunctionCall

Detailed Report: https://oss-fuzz.com/testcase?key=5707309678592000 Project: sqlite3 Fuzzing Engine: libFuzzer Fuzz Target: ossfuzz Job Type: libfuzzerasani386sqlite3 Platform Id: linux Crash Type: Heap-use-after-free WRITE 4 Crash Address: 0xf4d37e80 Crash State: sqlite3VdbeAddFunctionCall...

sqlite3:ossfuzz: Heap-use-after-free in sqlite3GenerateConstraintChecks

Detailed Report: https://oss-fuzz.com/testcase?key=5092981682208768 Project: sqlite3 Fuzzing Engine: libFuzzer Fuzz Target: ossfuzz Job Type: libfuzzerasansqlite3 Platform Id: linux Crash Type: Heap-use-after-free READ 2 Crash Address: 0x61d000002642 Crash State: sqlite3GenerateConstraintChecks...

openSUSE Security Update : sqlite3 (openSUSE-2019-2300)

This update for sqlite3 fixes the following issues : Security issue fixed : - CVE-2019-16168: Fixed improper validation of sqlitestat1 field that could lead to denial of service bsc1150137. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The...

openSUSE Security Update : sqlite3 (openSUSE-2019-2298)

This update for sqlite3 fixes the following issues : Security issue fixed : - CVE-2019-16168: Fixed improper validation of sqlitestat1 field that could lead to denial of service bsc1150137. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network...

openSUSE: Security Advisory for sqlite3 (openSUSE-SU-2019:2298-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...