Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in SQlite (CVE-2020-35525)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in SQlite caused by a NULL pointer derreference flaw in the INTERSEC query processing. CVE-2020-35525. SQlite is included as part of the Base OS used by our service images. Please read the...

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Freedesktop D-Bus is used by IBM Robotic Process Automation as part of container base images CVE-2022-42010, CVE-2022-42011, CVE-2022-42012. GNU Libtasn1 is used by IBM Robotic Process Automation as...

Mageia: Security Advisory (MGASA-2023-0013)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2023-0094)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2023-1578)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2023-1588)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : sqlite (EulerOS-SA-2023-1588)

According to the versions of the sqlite package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions...

EulerOS 2.0 SP11 : sqlite (EulerOS-SA-2023-1578)

According to the versions of the sqlite package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions...

Important: sqlite

Issue Overview: SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. CVE-2022-35737 Affected Packages: sqlite Issue Correction: Run dnf update sqlite --releasever 2023.0.20230322 or dnf update --advisor...

Amazon Linux 2023 : lemon, sqlite, sqlite-analyzer (ALAS2023-2023-089)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-089 advisory. SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. CVE-2022-35737 Tenable has extracted the preceding...

CBL Mariner 2.0 Security Update: sqlite (CVE-2022-46908)

The version of sqlite installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-46908 advisory. - SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly...

Wifi_Db - Script To Parse Aircrack-ng Captures To A SQLite Database

Script to parse Aircrack-ng captures into a SQLite database and extract useful information like handshakes in 22000 hashcat format, MGT identities, interesting relations between APs, clients and it's Probes, WPS information and a global view of all the APs seen. / | | || | \ \ /\ / /| || | | | / ...

node-sqlite3 安全漏洞

node-sqlite3 is an asynchronous, non-blocking SQLite3 interface library based on Node.js. A security vulnerability exists in node-sqlite3 that stems from the fact that Node.js' SQLite3 bindings are vulnerable to the execution of arbitrary JavaScript code if the binding parameters are well-designe...

GHSA-JQV5-7XPX-QJ74 sqlite vulnerable to code execution due to Object coercion

Impact Due to the underlying implementation of .ToString, it's possible to execute arbitrary JavaScript, or to achieve a denial-of-service, if a binding parameter is a crafted Object. Users of sqlite3 v5.0.0 - v5.1.4 are affected by this. Patches Fixed in v5.1.5. All users are recommended to...

sqlite vulnerable to code execution due to Object coercion

Impact Due to the underlying implementation of .ToString, it's possible to execute arbitrary JavaScript, or to achieve a denial-of-service, if a binding parameter is a crafted Object. Users of sqlite3 v5.0.0 - v5.1.4 are affected by this. Patches Fixed in v5.1.5. All users are recommended to...

CVEfixes-db

This repository is an offensive tool for collecting and processing CVE Common Vulnerabilities and Exposures data. It is a Python-based tool that collects CVE data from various sources, including the National Vulnerability Database NVD and GitHub, and stores it in a SQLite database. The tool is...

Debian: Security Advisory (DSA-3714)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

php: PDO:: quote() may return unquoted string due to an integer overflow

A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDOSQLite returning an improperly quoted string. With the implementation of sqlite3snprintf, it is possible to force the function to return a single apostrophe if the function is called on user-supplie...

CVE-Vulnerability-Information-Downloader - Downloads Information From NIST (CVSS), First.Org (EPSS), And CISA (Exploited Vulnerabilities) And Combines Them Into One List

Common Vulnerability Scoring System CVSS is a free and open industry standard for assessing the severity of computer system security vulnerabilities. Exploit Prediction Scoring System EPSS estimates the likelihood that a software vulnerability will be exploited in the wild. CISA publishes a list ...

Security Bulletin: Vulnerability in sqlite affects IBM VM Recovery Manager DR GUI

Summary There is vulnerability in sqlite opensource package which affects IBM VM Recovery Manager HA and DR GUI. No impacts to VM Recovery Manager HA and DR cli. Vulnerability Details CVEID:CVE-2022-21227 DESCRIPTION: Node.js sqlite3 module is vulnerable to a denial of service, caused by improper...