4856 matches found
osquery Command Injection Vulnerability
osquery is a SQL-driven framework for operating system detection, monitoring and analysis. A command injection vulnerability exists in osquery versions prior to 4.6.0, which stems from the fact that by using additional predicates in sqlite, a person with osquery administrative access can read and...
NewStart CGSL CORE 5.05 / MAIN 5.05 : sqlite Vulnerability (NS-SA-2020-0096)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has sqlite packages installed that are affected by a vulnerability: - Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Integer Overflow
SQLite is vulnerable to integer overflow. An attacker may supply crafted changes to FTS3 shadow tables, allowing execution of arbitrary code by leveraging the ability to run arbitrary SQL statements...
NULL Pointer Dereference
SQLite is vulnerable to NULL pointer dereference. An attacker, interleaving reads and writes in a single transaction with an fts5 virtual table could cause denial of service conditions...
Information Disclosure
SQLite is vulnerable to information disclosure. An attacker could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c leading to a disclosure of sensitive information...
Arbitrary Code Execution
SQLite is vulnerable to arbitrary code execution. A remote attacker is able to execute arbitrary code via a buffer overflow when the FTS3 extension is enabled...
About the security content of iCloud for Windows 11.5
This document describes the security content of iCloud for Windows 11.5. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
KLA12017 Multiple vulnerabilities in Apple iCloud
Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A use after free vulnerability in...
CVE-2020-25738
CyberArk Endpoint Privilege Manager EPM 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database...
Design/Logic Flaw
CyberArk Endpoint Privilege Manager EPM 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database...
CVE-2020-25738
CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 is affected. The issue involves injecting a DLL into a process that normally has credential access (e.g., Chrome) to bypass a Credential Theft protection mechanism, enabling access to credentials read from a SQLite database. The impact is crede...
Zetetic Sqlcipher Resource Management Error Vulnerability
Zetetic Sqlcipher is a SQLite-based database from Zetetic USA. The database provides a SQLite-like access API while adding numerous security elements. A resource management error vulnerability exists in Zetetic SQLCipher versions 4.x through 4.4.1, which stems from sqlciphercodecpragma and...
CVE-2020-27557
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...
Design/Logic Flaw
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...
CVE-2020-27557
CVE-2020-27557 describes an Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921. The issue allows local users to access the video streaming username and password via SQLite files containing plain text credentials. Affected software/hardware: BASETech G...
About the security content of iTunes 12.10.9 for Windows - Apple Support
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
Oracle Linux 8 : sqlite (ELSA-2020-4442)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4442 advisory. - Fixed bug in CVE-2019-20218 1791592 - Fixed CVE-2020-13632 1845572 - Fixed CVE-2020-13631 1845474 - Fixed CVE-2020-13630 1845153 - Fixed CVE-2019-501...