4786 matches found
CVE-2018-7773
The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter...
CVE-2018-7774
The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter...
CVE-2018-7766
The vulnerability exists within processing of trackgetdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter...
CVE-2018-7769
The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter...
CVE-2018-7772
The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter...
CVE-2018-7768
The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter...
CVE-2018-7765
The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...
CVE-2018-7769
CVE-2018-7769 affects Schneider Electric U.motion Builder (XML server) prior to version 1.3.4. The root cause is an SQL injection in the id input parameter processed by xmlserver.php, allowing unauthorized access to the underlying SQLite database. The NVD/NVD-affiliated and ICS documentation note...
CVE-2018-7767
The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter...
CVE-2018-7765
Schneider Electric U.motion Builder is affected by CVE-2018-7765 via track_import_export.php, where the SQLite query on object_id is vulnerable to SQL injection. Affected versions are prior to v1.3.4. Exploitation could lead to arbitrary SQL execution with high impact (C/H/I/H) as per CVSS3, with...
EulerOS 2.0 SP3 : sqlite (EulerOS-SA-2018-1180)
According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to...
CVE-2018-1132
A flaw was found in Opendaylight's SDNInterfaceapp SDNI. Attackers can SQL inject the component's database SQLite without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to...
Design/Logic Flaw
A flaw was found in Opendaylight's SDNInterfaceapp SDNI. Attackers can SQL inject the component's database SQLite without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to...
CVE-2018-1132
OpenDaylight CVE-2018-1132 affects the SDNInterfaceapp (SDNI) component. The flaw allows unauthenticated attackers to SQL-inject the SDNI SQLite database via the SDNInterface code path that builds insert queries, specifically in the SDNI database handling. The vulnerability arises from portName c...
Security Bulletin: IBM Flex System Manager (FSM) is affected by a vulnerability in sqlite (CVE-2016-6153)
Summary A security vulnerability has been discovered in sqlite that is embedded in the IBM FSM. This bulletin addresses this vulnerability. Vulnerability Details CVEID: CVE-2016-6153 DESCRIPTION: SQLite could allow a local attacker to gain elevated privileges on the system, caused by the creation...
Security Bulletin: Vulnerabilities in Python, rpcbind, SQLite affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
Summary Vulnerabilities in Python, rpcbind, SQLite packages affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance. Vulnerability Details CVEID: CVE-2014-4650 DESCRIPTION: Python CGIHTTPServer module could allow a remote attacker to obtain sensitive information, caused by the failu...
Security Bulletin: A vulnerability in the SQLite component of the Response Time agent affects IBM Performance Management products
Summary SQLite is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by getNodeSize function in ext/rtree/rtree.c. By using a specially-crafted database, a remote attacker could overflow a buffer and cause unspecified impacts on the system. Vulnerability Details CVEID:...
Security Bulletin: A vulnerability in the SQLite component of the Response Time agent affects IBM Performance Management products (CVE-2016-6153)
Summary SQLite could allow a local attacker to gain elevated privileges on the system, caused by the creation of temporary files in directory with insecure permissions. An attacker could exploit this vulnerability to obtain leaked data. Vulnerability Details CVEID: CVE-2016-6153 DESCRIPTION: SQLi...
Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (CVE-2016-6153)
Summary SQLite could allow a local attacker to gain elevated privileges on the system, caused by the creation of temporary files in directory with insecure permissions. An attacker could exploit this vulnerability to obtain leaked data. Vulnerability Details CVEID: CVE-2016-6153 DESCRIPTION: SQLi...