4786 matches found

CVE
added 2023/08/04 3:12 p.m. · 2510 views

CVE-2023-37470

Metabase versions prior to 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 are affected by a remote code execution vulnerability stemming from the embedded H2 database. The issue allows a user-supplied connection string to contain code that is subsequently execu...

CVSS 10 · AI score 9.8 · EPSS 0.03148
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/08/04 3:12 p.m. · 13 views

CVE-2023-37470 Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...

CVSS 10 · AI score 7.6 · EPSS 0.03148
Exploits 0 · References 1

IBM Security Bulletins
added 2023/08/01 6:33 a.m. · 84 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl-libs, libssh, libarchive, sqlite and go-toolset

Summary Multiple issues were identified in Red Hat UBI packages openssl-libs, libssh, libarchive, sqlite and go-toolset that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images CVE-2020-24736, CVE-2020-29652, CVE-2022-32189, CVE-2023-2283, CVE-2022-36227, CVE-2023-2453...

CVSS 9.8 · AI score 9.1 · EPSS 0.01094
Exploits 4 · Affected Software 1

IBM Security Bulletins
added 2023/07/27 3:42 p.m. · 25 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service due to [CVE-2020-24736]

Summary SQLite is not used directly by IBM App Connect Enterprise Certified Container but is present in the images as part of the base operating system. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address...

CVSS 5.5 · AI score 7.4 · EPSS 0.00031
Exploits 1 · Affected Software 1

Positive Technologies
added 2023/07/26 12:0 a.m. · 3 views

PT-2023-5054 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.1.0 Description: The issue is related to the use of alternative driver names when importing a database, which could allow a remote attacker to create arbitrary files and gain unauthorized access ...

CVSS 6.5 · AI score 7.4 · EPSS 0.72085
Exploits 3 · References 35

Tenable Nessus
added 2023/07/26 12:0 a.m. · 26 views

EulerOS Virtualization 3.0.6.6 : sqlite (EulerOS-SA-2023-2437)

According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSEC query processing. CVE-2020-35525 Note that...

CVSS 7.5 · AI score 6.6 · EPSS 0.00219
Exploits 0 · References 2

OpenVAS
added 2023/07/25 12:0 a.m. · 13 views

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2023-2437)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 · AI score 8.7 · EPSS 0.00219
Exploits 0 · References 2

Tenable Nessus
added 2023/07/11 12:0 a.m. · 31 views

Debian dla-3489 : mediawiki - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3489 advisory. Debian LTS Advisory DLA-3489-1 [email protected] https://www.debian.org/lts/security/...

CVSS 5.5 · AI score 5.3 · EPSS 0.00052
Exploits 1 · References 4

OpenVAS
added 2023/07/11 12:0 a.m. · 28 views

Debian: Security Advisory (DLA-3489-1)

The remote host is missing an update for the Debian...

CVSS 5.5 · AI score 6.2 · EPSS 0.00052
Exploits 1 · References 4

Debian
added 2023/07/10 8:45 p.m. · 32 views

[SECURITY] [DLA 3489-1] mediawiki security update

Debian LTS Advisory DLA-3489-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany July 10, 2023 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.31.16-1+deb10u5 CVE ID : CVE-2022-47927 A security issue was discovered in MediaWiki, a website engine for...

CVSS 5.5 · AI score 5.9 · EPSS 0.00052
Exploits 1

OpenVAS
added 2023/07/10 12:0 a.m. · 5 views

Mageia: Security Advisory (MGASA-2023-0214)

The remote host is missing an update for the...

AI score 7.5
Exploits 0 · References 4

OSV
added 2023/07/07 5:54 a.m. · 2 views

MGASA-2023-0214 Updated perl-DBD-SQLite packages fix security vulnerability

Possible unfixed security issues due to bundled sqlite3...

AI score 7.3
Exploits 0 · References 3

Mageia
added 2023/07/07 5:54 a.m. · 17 views

Updated perl-DBD-SQLite packages fix security vulnerability

Possible unfixed security issues due to bundled sqlite3...

AI score 7.1
Exploits 0 · References 2

Positive Technologies
added 2023/07/07 12:0 a.m. · 2 views

PT-2023-36346 · Sqlite3 · Sqlite3

Name of the Vulnerable Software and Affected Versions: sqlite3 affected versions not specified Description: The issue is related to possible unfixed security issues due to bundled sqlite3. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

AI score 7.1
Exploits 0 · References 4

IBM Security Bulletins
added 2023/07/06 5:49 p.m. · 31 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to SQLite denial of service vulnerability (CVE-2022-35737)

Summary Potential SQLite denial of service vulnerability CVE-2022-35737 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-35737 DESCRIPTION: SQLite is vulnerable to a denial of...

CVSS 7.5 · AI score 7.5 · EPSS 0.54845
Exploits 2 · Affected Software 1

RedhatCVE
added 2023/06/30 6:17 a.m. · 48 views

CVE-2023-36191

A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack...

CVSS 5.5 · AI score 6.7
Exploits 0 · References 4

Tenable Nessus
added 2023/06/30 12:0 a.m. · 80 views

Nessus Network Monitor < 6.2.2 Multiple Vulnerabilities (TNS-2023-23)

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-23 advisory. Several of the third-party components were found to contain vulnerabilities, and updat...

CVSS 10 · AI score 7.8 · EPSS 0.91789
Exploits 80 · References 175

Oracle linux
added 2023/06/30 12:0 a.m. · 34 views

sqlite security update

3.26.0-18.0.1 - Bumped release to add correct changelog entry. Version 3.26.0-18 fixes CVE-2020-24736 3.26.0-18 - Fixed CVE-2022-24736...

CVSS 5.5 · AI score 7 · EPSS 0.01725
Exploits 2

OSV
added 2023/06/29 8:21 p.m. · 3 views

CLSA-2023-1688070107 sqlite: Fix of CVE-2020-24736

CVE-2020-24736: internally, remove all references to a Window object that belongs to an expression in an ORDER BY clause if that expression is converted to an alias of a result-set expression...

CVSS 5.5 · AI score 6.5 · EPSS 0.00031
Exploits 1 · References 1

OSV
added 2023/06/29 8:3 p.m. · 2 views

CLSA-2023-1688069016 sqlite: Fix of CVE-2020-24736

CVE-2020-24736: internally, remove all references to a Window object that belongs to an expression in an ORDER BY clause if that expression is converted to an alias of a result-set expression...

CVSS 5.5 · AI score 6.5 · EPSS 0.00031
Exploits 1 · References 1