Security Bulletin: Vulnerability in sqlite affects IBM VM Recovery Manager HA GUI

Summary There is vulnerability in sqlite opensource package which affects IBM VM Recovery Manager HA and DR GUI. No impacts to VM Recovery Manager HA and DR cli. Vulnerability Details CVEID:CVE-2022-21227 DESCRIPTION: Node.js sqlite3 module is vulnerable to a denial of service, caused by improper...

K96300145: C Library (SQLite & libxslt) vulnerabilities CVE-2019-16168 CVE-2019-13117 CVE-2019-13118

Security Advisory Description CVE-2019-16168 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz field, aka a "severe division by zero in the query planner." CVE-2019-13117 In numbers.c in libxslt...

K15903: Multiple PHP vulnerabilities

Security Advisory Description Description CVE-2012-3365 The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the openbasedir protection mechanism via unspecified vectors. CVE-2012-2329 Buffer overflow in the apacherequestheaders function in sapi/cgi/cgimain.c in PHP 5.4...

K16950: SQLite vulnerability CVE-2015-3416

Security Advisory Description The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service integer overflow and stack-based buffer overfl...

K37236006: SQLite vulnerabilities CVE-2015-3414 and CVE-2015-3415

Security Advisory Description CVE-2015-3414 SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have unspecified other impact...

K19533600: SQLite Vulnerability CVE-2019-13734

Security Advisory Description Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13734 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

php: PDO:: quote() may return unquoted string due to an integer overflow

A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDOSQLite returning an improperly quoted string. With the implementation of sqlite3snprintf, it is possible to force the function to return a single apostrophe if the function is called on user-supplie...

Vulnerabilities fixed in IBM MQ Operator and Queue Manager

IBM has fixed vulnerabilities in MQ Operator and Queue Manager. An unauthenticated malicious person could exploit them to cause a denial-of-service, or potentially execute arbitrary code on the vulnerable system. The vulnerabilities are located in the underlying libksba and sqlite libraries. IBM...

Security Bulletin: IBM MQ Operator and Queue Manager container images are vulnerable to vulnerabilities from libksba and sqlite (CVE-2022-47629 and CVE-2022-35737)

Summary Issues were identified in Red Hat UBI packages libksba and sqlite that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-47629 DESCRIPTION: Libksba could allow a remote attacker to execute arbitrary code on the system,...

SUSE CVE-2007-1888

Buffer overflow in the sqlitedecodebinary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite...

SUSE CVE-2007-1887

Buffer overflow in the sqlitedecodebinary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqliteudfdecodebinary function with a...

SUSE CVE-2010-1868

The 1 sqlitesinglequery and 2 sqlitearrayquery functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory...

SUSE CVE-2012-0863

Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file...

SUSE CVE-2012-3365

The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the openbasedir protection mechanism via unspecified vectors...

SUSE CVE-2013-7443

Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service crash via crafted SQL statements...

SUSE CVE-2015-3414

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

SUSE CVE-2015-3415

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service invalid free operation or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by...

SUSE CVE-2015-3416

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service integer overflow and stack-based buffer overflow or possibly have unspecifie...

SUSE CVE-2015-3659

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cau...

SUSE CVE-2015-3717

Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service application crash via unspecified vectors...