4786 matches found
CVE-2019-16168
CVE-2019-16168 affects SQLite up to version 3.29.0, where whereLoopAddBtreeIndex in sqlite3.c may crash a browser/application due to missing validation of the sqlite_stat1 sz field, described as a severe division by zero in the query planner. Connected documents show multiple advisories referencing the fix in SQ...
CVE-2019-16168
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."...
[SECURITY] Fedora 29 Update: roundcubemail-1.3.10-1.fc29
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Updated sqlite3 packages fix security vulnerabilities
Updated sqlite3 packages fix security vulnerabilities: It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information (CVE-2019-8457). It was discovered that SQLite incorrectly handled certain queries. An attacker could...
Denial of Service
Overview: Versions of sequelize prior to 4.44.4 are vulnerable to Denial of Service (DoS). The SQLite dialect fails to catch a TypeError exception for the results variable. The results value may be undefined and trigger the error on a .map call. This may allow attackers to submit malicious input tha...
SQLiteManager 1.2.0 / 1.2.4 - Blind SQL Injection
Exploit Title: Blind SQL injection in SQLiteManager 1.2.0 and 1.2.4 Date: 17-02-2019 Exploit Author: Rafael Pedrero Vendor Homepage: http://www.sqlitemanager.org/ Software Link: http://www.sqlitemanager.org/ Version: SQLiteManager 1.2.0 and 1.2.4 Tested on: All CVE : CVE-2019-9083 Category:...
SQLiteManager 1.2.0 / 1.2.4 - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: Blind SQL injection in SQLiteManager 1.2.0 and 1.2.4 Exploit Author: Rafael Pedrero Vendor Homepage: http://www.sqlitemanager.org/ Software Link: http://www.sqlitemanager.org/ Version: SQLiteManager 1.2.0 and 1.2.4 Tested on...
EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2019-1814)
According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode function when handling invalid rtree...
GLSA-201908-09 : SQLite: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201908-09 SQLite: Multiple vulnerabilities Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could, by executing arbitrary SQL...
SQL Injection
Overview: sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to SQL Injection due to sequelize.json helper function not escaping values properly when formatting sub paths for JSON queries for MySQ...
PT-2019-4671
Name of the Vulnerable Software and Affected Versions: SQLite versions 3.29.0 and earlier. Description: The issue is related to a division by zero error in the query planner, specifically in the whereLoopAddBtreeIndex function. This error can cause a browser or other application to crash. The proble...
SQLite: Multiple vulnerabilities
Background: SQLite is a C library that implements an SQL database engine. Description: Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could, by executing arbitrary SQL statements against a vulnerable...
Debian DSA-4500-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-5805 A use-after-free issue was discovered in the pdfium library. - CVE-2019-5806 Wen Xu discovered an integer overflow issue in the Angle library. - CVE-2019-5807 TimGMichaud discovered a memory corruption issue...
Fedora Update for mingw-sqlite FEDORA-2019-49f80a78bc
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] [DSA 4500-1] chromium security update
Debian Security Advisory DSA-4500-1 [email protected] https://www.debian.org/security/ Michael Gilbert August 12, 2019 https://www.debian.org/security/faq -...
[SECURITY] Fedora 29 Update: mingw-sqlite-3.26.0.0-1.fc29
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
Fedora 29 : sqlite (2019-3377813d18)
Fixed out of bounds heap read in function rtreenode. Enhance the rtreenode function of rtree used for testing so that it uses the newer sqlite3str object for better performance and improved error reporting. Note that Tenable Network Security has extracted the preceding description block directly...
cPanel Input Validation Error Vulnerability (CNVD-2019-29013)
cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in the SQLite journal feature in versions prior to cPanel 57.9999.54. The...
DEF CON 2019: New Class of SQLite Exploits Open Door to iPhone Hack
LAS VEGAS – Researchers at Check Point have identified a new class of vulnerabilities targeting SQLite, outside the context of a browser for the first time. The new attack techniques exploit memory-corruption issues in the SQLite engine itself — leading to a host of new hacks, including code...