CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...

CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...

CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...

sqlite -- integer overflow

[email protected] reports: In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in...

ROS-20250403-03

Vulnerability of SQLite hints and ETRN serialization functions of Exim mail server is related to failure to take measures to protect SQL query structure. SQL query structure protection. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sendi...

CVE-2025-2265

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...

CVE-2025-2265

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...

CVE-2025-2265

The CVE-2025-2265 entry concerns Santesoft Sante PACS Server (Sante PACS Server.exe) where a web user’s password is processed as a 0x2000-byte zero-padded value that is SHA-1 hashed, base64-encoded, and stored in the HTTP.db’s USER table. The reported issue is that the number of hash bytes encode...

NocoDB Cross-Site Scripting Vulnerability (CNVD-2025-05387)

NocoDB is an open source Airtable alternative. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb to a smart spreadsheet. A cross-site scripting vulnerability exists in NocoDB versions prior to 0.258.0, which stems from the lack of effective filtering and escaping of user-supplied data...

Linux Distros Unpatched Vulnerability : CVE-2022-35737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. CVE-2022-357...

Linux Distros Unpatched Vulnerability : CVE-2021-45346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is...

Linux Distros Unpatched Vulnerability : CVE-2017-15286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where sqlite3steppStmt==SQLITEROW is false...

Linux Distros Unpatched Vulnerability : CVE-2017-10989

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted...

Linux Distros Unpatched Vulnerability : CVE-2019-19244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage...

Linux Distros Unpatched Vulnerability : CVE-2017-13685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The dumpcallback function in SQLite 3.20.0 allows remote attackers to cause a denial of service EXCBADACCESS and application crash via a crafted file...

Linux Distros Unpatched Vulnerability : CVE-2019-20218

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. CVE-2019-20218 Note that Nessus relies on the presenc...

Linux Distros Unpatched Vulnerability : CVE-2015-7036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fts3tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a deni...

Linux Distros Unpatched Vulnerability : CVE-2016-6153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - osunix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information,...

Linux Distros Unpatched Vulnerability : CVE-2019-13753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory vi...

Linux Distros Unpatched Vulnerability : CVE-2019-19603

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. CVE-2019-19603 Note that Nessus relies on the...