4856 matches found
CVE-2021-20223
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
UBUNTU-CVE-2021-42523
There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c respectively. They exist because the 'errmsg' of 'sqlite3_exec' is not released after use, while libxml2 emphasizes that the caller needs to release it...
PT-2022-9171 · Sqlite +2
Name of the Vulnerable Software and Affected Versions: Sqlite versions prior to 3.34.0 Description: An issue was found in the fts5UnicodeTokenize function in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-characters" class Cc, was treating embedded...
ID withdrawn
SQLite is a lightweight database that is an ACID-compliant relational database management system. SQLite has a security vulnerability that stems from the fts5UnicodeTokenize function of its ext/fts5/fts5_tokenize.c component that handles unicode "control-characters" class Cc of the unicode61...
PT-2022-37207 · Sqlite3
Name of the Vulnerable Software and Affected Versions: sqlite3 affected versions not specified Description: The issue is related to a heap-buffer-overflow read. Technical details about the crash include the sqlite3VdbeExec and sqlite3_step functions, as well as the osquery::readRows function...
Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring RRT Agent (CVE-2021-45346)
Summary A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain...
FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS
FLIR AX8 vulnerabilities. Product description: The FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual cameras that provides continuous temperature monitoring and alarming for critical electrical and mechanical equipment. Affected products: All FLIR AX8 thermal...
CVE-2022-37062
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and...
Design/Logic Flaw
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and...
CVE-2022-37062
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and...
CVE-2022-37062
The CVE-2022-37062 issue affects Teledyne FLIR AX8 thermal sensor cameras version up to and including 1.46.16, due to an insecure design from improper directory access restriction that allows an unauthenticated remote attacker to request a URI containing the path to the SQLite users database and ...
Database Integrity Vulnerabilities in Boeing’s Onboard Performance Tool
This post is released in a co-ordinated manner with Boeing. TL;DR: Security gaps in older, unprotected Windows desktop versions of Boeing’s Onboard Performance Tool (OPT) could make certain Electronic Flight Bags (EFB) more susceptible to attack. In particular, OPT’s use of plain text configuration...
sqlite (>=0.19.7 <=0.21.1), sqlite3-sys (>=0.6.7 <=0.9.2) +3 more potentially affected by unknown CVE via temporary (=0.5.1)
temporary CARGO version =0.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on temporary and may be impacted: - sqlite =0.19.7, =0.6.7, =0.11.0, =0.2.6, =0.2.7 Source cves: unknown CVE Source advisory: OSV:GHSA-2JQ9-6XX7-3H29...
SQLite 1.0.12 < 3.39.2 Improper Input Validation Vulnerability
SQLite is prone to an improper input validation vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software...
`libsqlite3-sys` via C SQLite improperly validates array index
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...
GHSA-JW36-HF63-69R9 `libsqlite3-sys` via C SQLite improperly validates array index
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...
RUSTSEC-2022-0090 `libsqlite3-sys` via C SQLite CVE-2022-35737
It was sometimes possible for SQLite versions >= 1.0.12, < 3.39.2 to allow an array-bounds overflow when large strings were input into SQLite's printf function. As libsqlite3-sys bundles SQLite, it is susceptible to the vulnerability. libsqlite3-sys was updated to bundle the patched version of SQLite...
`libsqlite3-sys` via C SQLite CVE-2022-35737
It was sometimes possible for SQLite versions >= 1.0.12, < 3.39.2 to allow an array-bounds overflow when large strings were input into SQLite's printf function. As libsqlite3-sys bundles SQLite, it is susceptible to the vulnerability. libsqlite3-sys was updated to bundle the patched version of SQLite...
ALPINE-CVE-2022-35737
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...
DEBIAN-CVE-2022-35737
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...