
4856 matches found

Tenable Nessus
added 2021/06/04 12:0 a.m., 30 views

EulerOS Virtualization 2.9.0 : sqlite (EulerOS-SA-2021-1973)

According to the version of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL...

CVSS 5.5, AI score 6.9, EPSS 0.00771
Exploits 0, References 2

OpenVAS
added 2021/05/27 12:0 a.m., 16 views

Fedora: Security Advisory for python-databases (FEDORA-2021-e7fabd81fb)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5, AI score 7.6, EPSS 0.00066
Exploits 0, References 2

Tenable Nessus
added 2021/05/26 12:0 a.m., 51 views

Oracle Linux 8 : sqlite (ELSA-2021-1581)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1581 advisory. - Fixed CVE-2020-13434 1845843 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

CVSS 5.5, AI score 7, EPSS 0.00076
Exploits 2, References 3

Oracle Linux
added 2021/05/25 12:0 a.m., 50 views

sqlite security update

3.26.0-13 - enabled fts3conf.test on s390x and ppc64 architectures 3.26.0-12 - Fixed CVE-2020-13434 1845843 - Fixed CVE-2020-15358 1855208...

CVSS 5.5, AI score 1.3, EPSS 0.00076
Exploits 2

Fedora
added 2021/05/23 1:7 a.m., 57 views

[SECURITY] Fedora 34 Update: python-databases-0.4.3-2.fc34

Databases gives you simple asyncio support for a range of databases. It allows you to make queries using the powerful SQLAlchemy Core expression language, and provides support for PostgreSQL, MySQL, and SQLite. Databases is suitable for integrating against any async Web framework, such as...

CVSS 5, AI score 0.7, EPSS 0.00066
Exploits 0

OpenVAS
added 2021/05/21 12:0 a.m., 15 views

Adminer 4.6.1 < 4.8.1 XSS Vulnerability - Windows

Adminer is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adminer:adminer";...

CVSS 7.5, AI score 6.5, EPSS 0.29507
Exploits 1, References 3

Veracode
added 2021/05/20 3:25 p.m., 36 views

Denial Of Service (DoS)

sqlite is vulnerable to denial of service. The vulnerability exists due to select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation...

CVSS 5.5, AI score 2.3, EPSS 0.00076
Exploits 1, References 26, Affected Software 1

OSV
added 2021/05/19 10:15 p.m., 2 views

DEBIAN-CVE-2021-29625

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...

CVSS 6.1, AI score 6.2, EPSS 0.29507
Exploits 1, References 1

NVD
added 2021/05/19 10:15 p.m., 13 views

CVE-2021-29625

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...

CVSS 7.5, EPSS 0.29507
Exploits 1, References 3

OSV
added 2021/05/19 10:15 p.m., 15 views

CVE-2021-29625

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...

CVSS 6.1, AI score 5.5
Exploits 0, References 3

Prion
added 2021/05/19 10:15 p.m., 18 views

Cross site scripting

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...

CVSS 4.3, AI score 5.9, EPSS 0.29507
Exploits 1, References 3, Affected Software 1

UbuntuCve
added 2021/05/19 10:15 p.m., 27 views

CVE-2021-29625

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...

CVSS 7.5, AI score 6.7, EPSS 0.29507
Exploits 1, References 5

Cvelist
added 2021/05/19 9:35 p.m., 15 views

CVE-2021-29625 XSS in doc_link

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...

CVSS 7.5, AI score 6.8, EPSS 0.29507
Exploits 1, References 3

CVE
added 2021/05/19 9:35 p.m., 170 views

CVE-2021-29625

CVE-2021-29625 affects Adminer 4.6.1–4.8.0 when using a pdo_ extension to communicate with MySQL/MariaDB/PgSQL/SQLite, in browsers without CSP. The underlying issue is cross-site scripting (XSS) in Adminer’s UI, mitigated in environments with CSP or when native PHP extensions (e.g., mysqli) are e...

CVSS 7.5, AI score 5.9, EPSS 0.29507
Exploits 1, References 3, Affected Software 1

Debian CVE
added 2021/05/19 9:35 p.m., 24 views

CVE-2021-29625

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...

CVSS 7.5, AI score 6.2, EPSS 0.29507
Exploits 1

Tenable Nessus
added 2021/05/19 12:0 a.m., 55 views

RHEL 8 : sqlite (RHSA-2021:1581)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1581 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a singl...

CVSS 5.5, AI score 7.4, EPSS 0.00076
Exploits 2, References 9

Tenable Nessus
added 2021/05/19 12:0 a.m., 56 views

CentOS 8 : sqlite (CESA-2021:1581)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1581 advisory. - sqlite: integer overflow in sqlite3strvappendf function in printf.c CVE-2020-13434 - sqlite: heap-based buffer overflow in multiSelectOrderBy due to...

CVSS 5.5, AI score 7.2, EPSS 0.00076
Exploits 2, References 3

Tenable Nessus
added 2021/05/19 12:0 a.m., 50 views

RHEL 8 : mingw (RHSA-2021:1968)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1968 advisory. MinGW is a free and open source software development environment to create Microsoft Windows applications. The following packages have been...

CVSS 7, AI score 6.9, EPSS 0.00843
Exploits 1, References 15

Tenable Nessus
added 2021/05/19 12:0 a.m., 40 views

CentOS 8 : mingw packages (CESA-2021:1968)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1968 advisory. - sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c CVE-2019-16168 - sqlite: integer overflow in sqlite3strvappendf function in printf.c...

CVSS 7, AI score 6.8, EPSS 0.00843
Exploits 1, References 6

RedHat Linux
added 2021/05/18 3:23 p.m., 4 views

sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c

A use-after-free vulnerability was found in the SQLite FTS3 extension module in the way it implemented the snippet function. This flaw allows an attacker who can execute SQL statements to crash the application or potentially execute arbitrary code...

CVSS 7, AI score 7.6, EPSS 0.00122
Exploits 0, References 4