
4786 matches found

Microsoft CVE
added 2024/06/30 2:0 p.m. | 3 views

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

...

CVSS 7.5 | AI score 7 | EPSS 0.05017
Exploits: 1
Microsoft CVE
added 2024/06/30 2:0 p.m. | 1 views

In SQLite through 3.29.0 whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field aka a "severe division by zero in the query planner."

...

CVSS 6.5 | AI score 7 | EPSS 0.00843
Exploits: 0
OSV
added 2024/06/27 3:52 p.m. | 1 views

USN-5615-3 sqlite3 vulnerability

USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. Original advisory details: It was discovered that SQLite incorrectly handled INTERSECT query processing. An attacker could use this issue to cause SQLite to crash...

CVSS 7.5 | AI score 7 | EPSS 0.00219
Exploits: 0 | References: 2
Ubuntu
added 2024/06/27 3:52 p.m. | 35 views

USN-5615-3: SQLite vulnerability

USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. Original advisory details: It was discovered that SQLite incorrectly handled INTERSECT query processing. An attacker could use this issue to cause SQLite to crash...

CVSS 7.5 | AI score 7.9 | EPSS 0.00219
Exploits: 0
Tenable Nessus
added 2024/06/27 12:0 a.m. | 27 views

Ubuntu 14.04 LTS : SQLite vulnerability (USN-5615-3)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5615-3 advisory. USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. Tenable has extracted the...

CVSS 7.5 | AI score 6.8 | EPSS 0.00219
Exploits: 0 | References: 2
OSV
added 2024/06/26 7:45 p.m. | 0 views

USN-6566-2 sqlite3 vulnerability

USN-6566-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2023-7104 for Ubuntu 18.04 LTS. Original advisory details: It was discovered that SQLite incorrectly handled certain memory operations in the sessions extension. A remote attacker could possibly...

CVSS 7.3 | AI score 6.7 | EPSS 0.00133
Exploits: 1 | References: 2
Tenable Nessus
added 2024/06/26 12:0 a.m. | 27 views

Ubuntu 18.04 LTS : SQLite vulnerability (USN-6566-2)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6566-2 advisory. USN-6566-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2023-7104 for Ubuntu 18.04 LTS. Tenable has extracted the...

CVSS 7.3 | AI score 6.4 | EPSS 0.00133
Exploits: 1 | References: 2
OSSF Malicious Packages
added 2024/06/25 1:42 p.m. | 4 views

Malicious code in sql-to-sqlite (PyPI)


AI score 7
Exploits: 0 | References: 1
OSV
added 2024/06/25 1:41 p.m. | 3 views

MAL-2024-5825 Malicious code in pythonsqliteaddition (PyPI)


AI score 7.1
Exploits: 0 | References: 2
OSV
added 2024/06/25 1:41 p.m. | 7 views

MAL-2024-5826 Malicious code in pythonsqlitedbextv1 (PyPI)


AI score 7.1
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2024/06/25 1:41 p.m. | 4 views

Malicious code in pythonsqlite2toolsv1 (PyPI)


AI score 7
Exploits: 0 | References: 2
OSV
added 2024/06/25 1:41 p.m. | 4 views

MAL-2024-5824 Malicious code in pythonsqlite2toolsv1 (PyPI)


AI score 7.1
Exploits: 0 | References: 2
OSV
added 2024/06/25 1:41 p.m. | 6 views

MAL-2024-5823 Malicious code in pythonsqlite2mod (PyPI)


AI score 7.1
Exploits: 0 | References: 2
Github Security Blog
added 2024/06/07 10:25 p.m. | 14 views

Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)

The PDO adapters of Zend Framework 1 do not filter null byte values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. We tested and verified the null byte...

AI score 8
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2024/06/07 10:25 p.m. | 20 views

GHSA-V42G-7Q2X-CW32 Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)

The PDO adapters of Zend Framework 1 do not filter null byte values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. We tested and verified the null byte...

CVSS 9.8 | AI score 8
Exploits: 0 | References: 3
OpenVAS
added 2024/06/07 12:0 a.m. | 7 views

Fedora: Security Advisory (FEDORA-2024-680b8ba54e)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 | References: 4
Github Security Blog
added 2024/06/06 9:30 p.m. | 20 views

Arbitrary file deletion in litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

CVSS 8.1 | AI score 6.6 | EPSS 0.00057
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2024/06/06 6:31 p.m. | 12 views

CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

CVSS 6.5 | AI score 7.3 | EPSS 0.00057
Exploits: 1 | References: 1
Tenable Nessus
added 2024/06/03 12:0 a.m. | 26 views

RHEL 6 : sqlite (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sqlite: Heap-buffer overflow in the getNodeSize function CVE-2017-10989 - os_unix.c in SQLite before 3.13....

CVSS 9.8 | AI score 7.8 | EPSS 0.13108
Exploits: 1 | References: 5
Tenable Nessus
added 2024/06/03 12:0 a.m. | 62 views

RHEL 8 : sqlite (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c CVE-2019-9936 -...

CVSS 7.5 | AI score 8.4 | EPSS 0.05055
Exploits: 2 | References: 6