4856 matches found
Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-9327)
Summary: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender. Vulnerability Details: CVEID: CVE-2020-9327. DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a NULL pointer dereference in isAuxiliaryVtabOperator. By generating column optimization, a remote...
[SECURITY] Fedora 33 Update: roundcubemail-1.4.10-1.fc33
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[SECURITY] Fedora 32 Update: roundcubemail-1.4.10-1.fc32
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
flatCore SQL injection vulnerability
flatCore is a lightweight content management system (CMS) based on PHP and SQLite. A SQL injection vulnerability exists in flatCore CMS prior to version 2.0.0 build 139. The vulnerability stems from the program accepting input from a malicious user without properly checking the input, resulting in...
flatCore CMS XSS / File Disclosure / SQL Injection
SEC Consult Vulnerability Lab Security Advisory. title: Multiple Vulnerabilities; product: flatCore CMS; vulnerable version: 2.0.0 Build 139; fixed version: Release 2.0.0 Build 139; CVE number: CVE-2021-23835, CVE-2021-23836,...
SQLite report about CVE-2021-23404
This is not a bug in SQLite. The bug is in a third-party application that uses SQLite and includes "sqlite" in its name. This CVE is included on the list because it mentions SQLite even though the bug has nothing to do with SQLite...
SQLite report about CVE-2021-20223
The problem identified by this CVE is not a vulnerability. It is a malfunction. A coding error causes FTS5 to sometimes return inconsistent and incorrect results under obscure circumstances, but no memory errors occur. details...
SQLite report about CVE-2021-36690
This bug is not in the SQLite core library, but rather in an experimental extension that is used to implement the .expert command in the CLI. The code that contains the bug does not appear in standard SQLite builds, though it is included in the sqlite3.exe command-line tool. Applications must lin...
SQLite report about CVE-2021-31239
This is a bug in the CLI. It allows a user with unrestricted shell access to cause a denial-of-service. Of course, there are a million easier ways for a user with unrestricted shell access to cause far worse mischief. The problem was in the appendvfs extension which is not a part of standard...
SQLite report about CVE-2021-20227
Malicious SQL statement causes read-after-free. No harm can come of this particular read-after-free instance, as far as anyone knows. The bug is undetectable without a memory sanitizer. The CVE claims that this bug is an RCE - a Remote Code Execution vulnerability, but that claim is incorrect. Th...
SQLite report about CVE-2021-0646
Duplicate of CVE-2020-13434...
SQLite report about CVE-2021-45346
This CVE is misinformation. See the discussion around SQLite forum post 53de8864ba114bf...
SQLite report about CVE-2021-28305
This is not a bug in SQLite. The bug is in a third-party application that uses SQLite. SQLite is mentioned by name in the CVE description, however, so we have included the CVE in the list...
CVE-2020-26273
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. In osquery before version 4.6.0, by using sqlite's ATTACH verb, someone with administrative access to osquery can cause reads and writes to arbitrary sqlite databases on disk. This does allow arbitrary...
CVE-2020-26273 sqlite ATTACH allows some filesystem access
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. In osquery before version 4.6.0, by using sqlite's ATTACH verb, someone with administrative access to osquery can cause reads and writes to arbitrary sqlite databases on disk. This does allow arbitrary...
CVE-2020-26273
Summary: CVE-2020-26273 affects osquery prior to 4.6.0. By abusing sqlite’s ATTACH verb, an administrator can read/write to arbitrary sqlite databases on disk, potentially creating new sqlite files. Existing non-sqlite files are not overwritten according to the sources. The vulnerability is mitig...
Apple SQLite Information Disclosure Vulnerability
Apple macOS is a specialized operating system developed by Apple for Mac computers. A security vulnerability exists in Apple SQLite, which allows remote attackers to exploit the vulnerability to disclose memory...
About the security content of iCloud for Windows 11.5 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
About the security content of iCloud for Windows 11.4 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
The vulnerability of the zipfile() function in the SQLite database management system allows an attacker to cause a service failure or execute arbitrary code.
The vulnerability of the zipfile function in the SQLite database management system is related to the improper handling of certain ZIP archives. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...