rpm package
suse/sqlite3&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-19645 | — | < 3.36.0-3.12.1 | 3.36.0-3.12.1 | Dec 9, 2019 | alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | ||
| CVE-2019-19317 | — | < 3.36.0-3.12.1 | 3.36.0-3.12.1 | Dec 5, 2019 | lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. | ||
| CVE-2019-19244 | — | < 3.36.0-3.12.1 | 3.36.0-3.12.1 | Nov 25, 2019 | sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. | ||
| CVE-2015-3415 | — | < 3.36.0-3.12.1 | 3.36.0-3.12.1 | Apr 24, 2015 | The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as | ||
| CVE-2015-3414 | — | < 3.36.0-3.12.1 | 3.36.0-3.12.1 | Apr 24, 2015 | SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE cla |
- CVE-2019-19645Dec 9, 2019affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
- CVE-2019-19317Dec 5, 2019affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
- CVE-2019-19244Nov 25, 2019affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
- CVE-2015-3415Apr 24, 2015affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as
- CVE-2015-3414Apr 24, 2015affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE cla
Page 2 of 2