CVE-2019-9936

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5hash.c...

sqlite3/ossfuzz: Use-of-uninitialized-value in accessPayload

Detailed report: https://oss-fuzz.com/testcase?key=5649176925306880 Project: sqlite3 Fuzzer: libFuzzersqlite3ossfuzz Fuzz target binary: ossfuzz Job Type: libfuzzermsansqlite3 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: accessPayload vdbeMemFromBtreeResiz...

ZRECore 1.3.1 Database Configuration Disclosure

Exploit Title : ZRECore 1.3.1 Database Config Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 14/02/2019 Vendor Homepage : zend.com Software Download Link : github.com/zrecore/ZRECore/archive/master.zip Software Information Link :...

Fedora 28 : php (2019-a6511b0eed)

PHP version 7.2.14 10 Jan 2019 Core: - Fixed bug php77369 memcpy with negative length via crafted DNS response. Stas - Fixed bug php71041 zendsignalstartup needs ZENDAPI. Valentin V. Bartenev - Fixed bug php76046 PHP generates 'FEFREE' opcode on the wrong line. Nikita Date: - Fixed bug php77097...

Fedora 29 : php (2019-aa6036fcb3)

PHP version 7.2.14 10 Jan 2019 Core: - Fixed bug php77369 memcpy with negative length via crafted DNS response. Stas - Fixed bug php71041 zendsignalstartup needs ZENDAPI. Valentin V. Bartenev - Fixed bug php76046 PHP generates 'FEFREE' opcode on the wrong line. Nikita Date: - Fixed bug php77097...

Debian DLA-1633-1 : sqlite3 security update

Several flaws were corrected in SQLite, a SQL database engine. CVE-2017-2518 A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement. CVE-2017-2519 Insufficient size of the reference count on Table objects could lead to a denial of...

[SECURITY] [DLA 1633-1] sqlite3 security update

Package : sqlite3 Version : 3.8.7.1-1+deb8u4 CVE ID : CVE-2017-2518 CVE-2017-2519 CVE-2017-2520 CVE-2017-10989 CVE-2018-8740 Debian Bug : 867618 893195 Several flaws were corrected in SQLite, an SQL database engine. CVE-2017-2518 A use-after-free bug in the query optimizer may cause a buffer...

DLA-1633-1 sqlite3 - security update

Bulletin has no description...

Updated sqlite3 packages fix security vulnerability

A security issue fixed upstream in sqlite3 has been announced: https://www.openwall.com/lists/oss-security/2018/12/21/1 The issue is fixed in 3.25.3...

MGASA-2018-0489 Updated sqlite3 packages fix security vulnerability

A security issue fixed upstream in sqlite3 has been announced: https://www.openwall.com/lists/oss-security/2018/12/21/1 The issue is fixed in 3.25.3...

UBUNTU-CVE-2018-17197

A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika...

Debian DLA-1613-1 : sqlite3 security update

Security experts at Tencents Blade security team have discovered a critical vulnerability in SQLite database software nicknamed 'Magellan'. The 'Magellan' remote code execution vulnerability has now been fixed by adding extra defenses against strategically corrupt databases to fts3/4. For Debian ...

[SECURITY] [DLA 1613-1] sqlite3 security update

Package : sqlite3 Version : 3.8.7.1-1+deb8u3 CVE ID : CVE-2018-20346 Security experts at Tencent’s Blade security team have discovered a critical vulnerability in SQLite database software nicknamed "Magellan". The "Magellan" remote code execution vulnerability has now been fixed by adding extra...

DLA-1613-1 sqlite3 - security update

Bulletin has no description...

Google Chrome 70 - SQLite Magellan Crash (PoC)

This proof-of-concept crashes the Chrome renderer process using Tencent Blade Team's Magellan SQLite3 bug. It's based on a SQLite test case from the commit that fixed the bug. If you're using Chrome 70 or below, tap the button below to crash this page: Crash this page Your browser's user agent is...

Quicken Deluxe 2018 for Mac Information Disclosure Vulnerability

Quicken Deluxe 2018 for Mac is a suite of personal finance software for the Mac-based platform from the US-based Quicken. An information disclosure vulnerability exists in the password protection feature in Quicken Deluxe 2018 for Mac version 5.2.2, which can be exploited by an attacker who sends...

CVE-2018-3854

An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowin...

CVE-2018-3854

An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowin...

PT-2018-16248 · Quicken · Quicken Deluxe 2018 For Mac

Name of the Vulnerable Software and Affected Versions: Quicken Deluxe 2018 for Mac version 5.2.2 Description: An information disclosure issue exists in the password protection functionality. A specially crafted sqlite3 request can remove the password protection, allowing access and modification o...

Endpoint for Out-of-Band Exfiltration: Arecibo

In the process of identifying and exploiting vulnerabilities, it is sometimes necessary to resort to Out of Band OOB techniques in order to exfiltrate information through DNS resolutions or HTTP requests. To address this kind of situation the faster and simpler solution can be the use of a Burp...